CN101490689B - Content control system and method using certificate chains - Google Patents



Publication number
CN101490689B
Authority
CN (China)
Prior art keywords
certificate, acr, key, entity, access
Legal status
Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number
CN2007800258488A
Other languages
Chinese (zh)
Other versions
CN101490689A
Inventors
迈克尔·霍尔茨曼 (Michael Holtzman), 罗恩·巴尔齐莱 (Ron Barzilai), 罗特姆·塞拉 (Rotem Sela), 法布里斯·约刚-库仑 (Fabrice Jogand-Coulomb)
Current assignee
Delphi International Operations Luxembourg SARL (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee
SanDisk Corp
Priority claimed from
US 11/557,010 (US20080010449A1); US 11/557,028 (US8140843B2); PCT/US2007/015304 (WO2008013656A2)
Application filed by
SanDisk Corp
Publications
CN101490689A (application); CN101490689B (granted)


Abstract

Consecutive strings of certificates in a certificate chain are received by a memory device sequentially, in the same order in which the strings are verified. Each string except the last may be overwritten by the next string in the sequence.

Description

Method for authenticating an entity by a storage device, and storage device using the method
Cross reference to related applications
This application claims the benefit of U.S. Provisional Application No. 60/819,507, filed July 7, 2006.
This application is related to U.S. Application No. 11/313,870, filed December 20, 2005, which claims the benefit of U.S. Provisional Application No. 60/638,804, filed December 21, 2004. This application is further related to U.S. Application Nos. 11/314,411, 11/314,410, 11/313,536, 11/313,538, 11/314,055, 11/314,052 and 11/314,053, all filed December 20, 2005.
This application is also related to the following U.S. applications, all filed by Holtzman et al. on November 6, 2006: No. 11/557,028, entitled "Content Control Method Using Certificate Chains"; No. 11/557,010, entitled "Content Control System Using Certificate Chains"; No. 11/557,006, entitled "Content Control Method Using Certificate Revocation Lists"; No. 11/557,026, entitled "Content Control System Using Certificate Revocation Lists"; No. 11/557,049, entitled "Content Control Method Using Versatile Control Structure"; No. 11/557,056, entitled "Content Control System Using Versatile Control Structure"; No. 11/557,052, entitled "Method for Controlling Information Supplied From Memory Device"; No. 11/557,051, entitled "System for Controlling Information Supplied From Memory Device"; No. 11/557,041, entitled "Control Method Using Identity Objects"; and No. 11/557,039, entitled "Control System Using Identity Objects".
Each of the applications listed above is incorporated herein by reference in its entirety, as if fully set forth herein.
Technical field
The present invention relates generally to memory systems, and in particular to a memory system with versatile content control features.
Background technology
Storage devices such as flash memory cards have become the medium of choice for storing digital content such as photographs. Flash memory cards can also be used to distribute other types of media content. In addition, a growing variety of host devices, such as computers, digital cameras, cellular telephones, personal digital assistants (PDAs) and media players (for example MP3 players), now have the ability to render media content stored in flash memory cards. There is therefore great potential for flash memory cards and other types of flash memory devices to become a widely used medium for distributing digital content.
A significant concern of owners and distributors of digital content is that, after the content has been distributed, whether by download over a network such as the Internet or by distribution of the content on a storage device, only authorized parties should be allowed to access it. One way to prevent unauthorized access is to use a system that establishes the identity of a party before granting that party access to the content. Systems such as Public Key Infrastructure (PKI) have been developed for this purpose. In a PKI system, a trusted party known as a certificate authority (CA) issues certificates that attest to the identities of individuals and organizations. Parties (for example organizations and individuals) wishing to establish proof of identity register with the certificate authority, supplying suitable evidence to prove their identity. Once the CA has verified a party's identity, it issues a certificate to that party. The certificate typically contains the name of the issuing CA, the name of the party to whom the certificate is issued, that party's public key, and the party's public key signed with the CA's private key (usually by encrypting a digest of the public key).
The CA's private key is related to its public key such that any data encrypted with the public key can be decrypted with the private key, and vice versa; the private key and public key thus form a key pair. A detailed explanation of cryptography and public key pairs is given in "PKCS #1 v2.1: RSA Cryptography Standard", published by RSA Security Inc. on June 14, 2002. The CA's public key is publicly available. Therefore, when a party wishes to check whether a certificate presented by another party is genuine, the checking party can simply apply the decryption algorithm, using the CA's public key, to decrypt the encrypted digest of the public key in the certificate. The decryption algorithm is usually also identified in the certificate. If the decrypted digest matches a digest of the unencrypted public key in the certificate, then, on the strength of trust in the CA and in the authenticity of the CA's public key, this proves that the public key in the certificate has not been altered and is genuine.
To verify a party's identity, the verifying party typically sends a challenge (for example a random number) and asks the other party to send its certificate together with a response to the challenge (that is, the random number encrypted with the other party's private key). On receiving the response and the certificate, the verifying party first checks, by the process described above, whether the public key in the certificate is genuine. If the public key is verified as genuine, the verifying party can then use the public key in the certificate to decrypt the response and compare the result with the random number originally sent. If they match, this means that the other party does hold the correct private key, and its identity is thereby proven. If the public key in the certificate is not genuine, or if the decrypted response does not match the challenge, verification fails. A party wishing to prove its identity therefore needs to possess both the certificate and the associated private key.
Through the mechanism described above, two parties that may not trust each other can use this process and establish trust by checking the other party's public key in that party's certificate. Recommendation X.509 from the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T) is a standard that specifies a framework for certificates. That standard may be consulted for more details about certificates and their use.
In government bodies and large organizations it may be convenient for the top-level CA, known as the root CA, to delegate the responsibility for issuing certificates to a number of lower-level CAs. For example, in a two-level hierarchy, the highest-level CA issues certificates to the lower-level CAs, certifying that the public keys of those lower-level authorities are genuine. The lower-level authorities in turn issue certificates to parties through the registration process described above. The verification process begins at the top of the certificate chain. The verifying party first uses the public key of the root CA (which is known to be genuine) to check the authenticity of the lower-level CA's public key. Once the authenticity of the lower-level CA's public key has been verified, that verified public key can be used to check the authenticity of the public key of the lower-level party to whom the certificate was issued. The certificates issued by the root CA and by the lower-level CA then form a certificate chain of two certificates for the party whose identity is being verified.
The certificate hierarchy may of course have more than two levels, in which case every CA other than the root CA derives its authority from a higher-level CA and holds a certificate, issued by that higher-level CA, containing its public key. Consequently, to verify the authenticity of the other party's public key, it is necessary to follow a path or chain of certificates back to the root CA. In other words, to establish a party's identity, the party being authenticated may need to produce the whole certificate chain, from its own certificate up to the root CA certificate.
As stated above, the certificates issued to CAs (for example the certificates issued to lower-level CAs in the hierarchy described above) are publicly available. Two formats are currently used for submitting certificates to prove identity. In the first format, the party wishing to be verified submits only its own certificate, issued by a CA; this certificate is the last certificate in the certificate chain. If the verifying party does not have the public key of the CA that issued the certificate, it obtains that CA's public key and performs the check with it. Where the lower-level CA's public key must itself be checked against the public key of a higher authority, the verifying party uses the issuer name in the certificate to trace a path to the public keys of that certificate's issuer and of the higher-level CAs. This process continues until the verifying party reaches a CA whose public key it knows to be genuine and which therefore needs no further checking.
In the second format of certificate verification, the party wishing to be verified submits all the certificates in the chain, but need not submit them in any particular order. If the party being verified also submits, together with the certificates, information about the proper order of the certificates in the chain sent to the verifying party, that information may appear later in the message, so that the verifier does not know the correct order of the certificates until the entire certificate chain has been received.
The first format of certificate exchange requires the verifier to be able to obtain missing certificates for the check. While it is possible for a device such as a computer or cellular telephone to access a network such as the Internet to obtain a missing certificate, storage devices such as flash memory cards have not, by themselves, been used to do so.
In the second format of certificate exchange and verification, all certificates are submitted in the message sent to the verifying device, so the verifying device need not obtain the certificates itself. However, the certificates may be sent in any order, and the information about the sequence of the certificates in the chain may appear anywhere in the message, for example at its end. This means that before any particular certificate in the chain can be analyzed for verification, the entire set of certificates must be received and stored. Although this may not be a problem for host devices such as computers, PDAs and cellular telephones, it can be a problem for storage devices. A storage device may have embedded memory capacity and processing power so limited that it cannot efficiently store and analyze a long string of certificates.
Because of the various issues and problems described above, the systems currently used in storage devices and host devices are not entirely satisfactory. There is therefore a need for an improved system with better features.
Summary of the invention
A certificate chain comprises a plurality of consecutive certificate strings, each string comprising at least one certificate. When the strings are received at a verifying entity, the entity verifies them in a sequence. If the certificate strings are received in the same order as the order in which they are verified, the difficulties described above can be avoided. If the certificate strings are received in this way, and if the entire certificate chain is received, a storage device can readily be used to verify the authenticity of the certificates in the chain.
Because the consecutive certificate strings in the certificate chain are received in the same order as they are verified, the information in an individual certificate string is no longer needed once that string has been received and verified. According to another embodiment, at least one certificate string received and stored in the memory device may therefore be overwritten by a subsequent string in the sequence. In this way, the amount of memory that must be reserved for storing the certificates in the chain for verification can be significantly reduced.
All patents, patent applications, articles, books, specifications, standards, other publications, documents and things referred to herein are hereby incorporated by reference in their entirety for all purposes. To the extent of any inconsistency or conflict in the definition or use of a term between any of the incorporated publications, documents or things and the text of this document, the definition or use of the term in this document shall prevail.
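The following is an added example, not code from the patent or from SanDisk, modelling in Python the device-side behaviour just summarized together with the certificate check and challenge-response from the background section. It uses a toy textbook-RSA key pair (256-bit modulus, constructed here and far too small for real use), a JSON certificate body, and the chain names RootCA, LevelOneCA and HostDevice, all of which are assumptions of the example. The device holds one certificate buffer and one trusted key: each received string is verified against the key established by the previous string, then overwrites the buffer, so the whole chain never has to be stored; a string that arrives out of verification order, or whose issuer signature does not check out, is rejected.

```python
"""Added example (not the patent's or SanDisk's code): a memory device verifying a
certificate chain one string at a time, in verification order, with a single
overwritable buffer. Toy RSA and JSON certificates are constructed for illustration."""
import hashlib, json, random
from math import gcd

rng = random.Random(2006)  # seeded so the toy keys are repeatable

def is_probable_prime(n, rounds=16):
    """Miller-Rabin, only for building the toy key pairs."""
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def make_keypair(bits=128):
    """Return ((n, e), (n, d)); toy size, far too small for real use."""
    e = 65537
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == _digest(data, n)

def cert_body(subject, issuer, public):
    """Canonical bytes the issuer signs: subject, issuer and subject public key."""
    return json.dumps([subject, issuer, list(public)]).encode()

def issue_cert(subject, subject_pub, issuer, issuer_priv):
    return {"subject": subject, "issuer": issuer, "pub": tuple(subject_pub),
            "sig": sign(issuer_priv, cert_body(subject, issuer, subject_pub))}

class StreamingVerifier:
    """Device side: one certificate slot plus the key trusted so far (the root CA
    key at the start); each verified string overwrites the slot."""

    def __init__(self, root_name, root_pub):
        self.trusted = (root_name, tuple(root_pub))
        self.buffer = None      # single slot: the previous string is discarded

    def receive(self, cert):
        self.buffer = cert
        name, pub = self.trusted
        if cert["issuer"] != name:
            return False        # arrived out of verification order
        body = cert_body(cert["subject"], cert["issuer"], cert["pub"])
        if not verify(pub, body, cert["sig"]):
            return False        # issuer signature does not check out
        self.trusted = (cert["subject"], tuple(cert["pub"]))
        return True

    def challenge(self, respond):
        """Entity must sign a fresh nonce with the key of the last verified cert."""
        nonce = rng.getrandbits(128).to_bytes(16, "big")
        return verify(self.trusted[1], nonce, respond(nonce))

def build_chain():
    # constructed two-level chain: RootCA -> LevelOneCA -> HostDevice
    root_pub, root_priv = make_keypair()
    ca_pub, ca_priv = make_keypair()
    host_pub, host_priv = make_keypair()
    chain = [issue_cert("LevelOneCA", ca_pub, "RootCA", root_priv),
             issue_cert("HostDevice", host_pub, "LevelOneCA", ca_priv)]
    return root_pub, chain, host_priv

def run_streaming(root_pub, chain, host_priv):
    # feed the strings in arrival order; True only if every string verified
    dev = StreamingVerifier("RootCA", root_pub)
    ok = all(dev.receive(c) for c in chain)
    return ok and dev.challenge(lambda m: sign(host_priv, m))
```

`run_streaming(*build_chain())` returns True with the chain in verification order; reversing the chain, or substituting a different public key into the last certificate, makes it return False at the first bad string, before anything further is buffered.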
Description of drawings
Fig. 1 is a block diagram of a memory system in communication with a host device, useful for illustrating the invention.
Fig. 2 is a schematic view of different partitions of a memory and of unencrypted and encrypted files stored in the different partitions, where access to certain partitions and encrypted files is controlled by access policies and authentication procedures; the view is useful for illustrating different embodiments of the invention.
Fig. 3 is a schematic view of a memory illustrating the different partitions in the memory.
Fig. 4 is a schematic view of file location tables for the different partitions of the memory shown in Fig. 3, where some of the files in the partitions are encrypted, useful for illustrating different embodiments of the invention.
Fig. 5 is a schematic view of access control records in an access control record group and of the associated key references, useful for illustrating different embodiments of the invention.
Fig. 6 is a schematic view of a tree structure formed by access control record groups and access control records, useful for illustrating different embodiments of the invention.
Fig. 7 is a schematic view of a tree illustrating three hierarchical trees of access control record groups, to illustrate the process of forming the trees.
Figs. 8A and 8B are flow charts illustrating processes carried out by a host device and a memory device, such as a memory card, for creating and using a system access control record.
Fig. 9 is a flow chart illustrating a process of using a system access control record to create an access control record group, useful for illustrating different embodiments.
Fig. 10 is a flow chart illustrating a process for creating an access control record.
Fig. 11 is a schematic view of two access control record groups, useful for illustrating a particular application of the hierarchical tree.
Fig. 12 is a flow chart illustrating a process of delegating specific rights.
Fig. 13 is a schematic view of an access control record group and an access control record, to illustrate the delegation process of Fig. 12.
Fig. 14 is a flow chart illustrating a process for creating a key for encryption and/or decryption purposes.
Fig. 15 is a flow chart illustrating a process for removing access rights and/or permission to access data in accordance with an access control record.
Fig. 16 is a flow chart illustrating a process for requesting access when an access right and/or permission to access has been deleted or has expired.
Figs. 17A and 17B are schematic views illustrating the organization of a rule structure for authentication and policies used to grant access to cryptographic keys, useful for illustrating different embodiments of the invention.
Fig. 18 is a block diagram illustrating the database structure of an alternative method for controlling access to protected information according to policies.
Fig. 19 is a flow chart illustrating an authentication process using a password.
Fig. 20 is a diagram illustrating several host certificate chains.
Fig. 21 is a diagram illustrating several device certificate chains.
Figs. 22 and 23 are protocol diagrams illustrating processes for one-way and mutual authentication schemes.
Fig. 24 is a diagram of a certificate chain useful for illustrating one embodiment of the invention.
Fig. 25 is a table illustrating the information sent by a host to a memory device in the control sector preceding the certificate buffer that carries the last certificate; it shows the indication that the certificate is the last certificate in the certificate chain, and the table is used to illustrate another embodiment of the invention.
Figs. 26 and 27 are flow charts illustrating, respectively, the card process and the host process of an authentication scheme in which a memory card is authenticating a host device.
Figs. 28 and 29 are flow charts illustrating, respectively, the card process and the host process of an authentication scheme in which a host device is authenticating a memory card.
Figs. 30 and 31 are flow charts illustrating, respectively, processes carried out by a host device and a memory device in which a certificate revocation list stored in the memory device is retrieved by the host device, to illustrate another embodiment of the invention.
Fig. 32 is a diagram of a certificate revocation list showing the fields in the list, to illustrate yet another embodiment of the invention.
Figs. 33 and 34 are flow charts illustrating, respectively, the card process and the host process for certificate verification using a certificate revocation list.
Fig. 35 is a flow chart illustrating a card process for signing data sent to the host and for decrypting data received from the host.
Fig. 36 is a flow chart illustrating a host process in which the card signs the data sent to the host.
Fig. 37 is a flow chart illustrating a host process in which the host sends encrypted data to the memory card.
Figs. 38 and 39 are flow charts illustrating processes for a general information query and a discreet information query, respectively.
Fig. 40A is a functional block diagram of the system architecture in a memory device (for example a flash memory card) connected to a host device, to illustrate an embodiment of the invention.
Fig. 40B is a functional block diagram of the internal software modules of the SSM core of Fig. 40A.
Fig. 41 is a block diagram of a system for generating one-time passwords.
Fig. 42 is a functional block diagram illustrating one-time password (OTP) seed provisioning and OTP generation.
Fig. 43 is a protocol diagram illustrating the seed provisioning phase.
Fig. 44 is a protocol diagram illustrating the one-time password generation phase.
Fig. 45 is a functional block diagram illustrating a DRM system.
Fig. 46 is a protocol diagram illustrating a process for license provisioning and content download, where the key is provided in the license object.
Fig. 47 is a protocol diagram illustrating a process for a playback operation.
Fig. 48 is a protocol diagram illustrating a process for license provisioning and content download, where the key is not provided in the license object.
The figures illustrate features of various embodiments of aspects of the invention. For simplicity of description, identical components are labeled with the same numerals throughout this application.
Detailed description
An example memory system in which various aspects of the invention may be implemented is illustrated by the block diagram of Fig. 1. As shown in Fig. 1, memory system 10 includes a central processing unit (CPU) 12, a buffer management unit (BMU) 14, a host interface module (HIM) 16, a flash interface module (FIM) 18, a flash memory 20 and a peripheral access module (PAM) 22. Memory system 10 communicates with a host device 24 through a host interface bus 26 and port 26a. Flash memory 20, which may be of the NAND type, provides data storage for host device 24; host device 24 may be a digital camera, personal computer, personal digital assistant (PDA), digital media player (for example an MP3 player), cellular telephone, set-top box, or other digital device or appliance. The software code for CPU 12 may also be stored in flash memory 20. FIM 18 is connected to flash memory 20 through a flash interface bus 28 and port 28a. HIM 16 is adapted for connection to a host device. Peripheral access module 22 selects the appropriate controller module (for example FIM, HIM or BMU) to communicate with CPU 12. In one embodiment, all components of system 10 within the dashed box may be enclosed in a single unit, for example a memory card or stick 10', and are preferably encapsulated. Memory system 10 is removably connected to host device 24, so that the content in system 10 can be accessed by each of many different host devices.
In the description below, memory system 10 is also referred to as memory device 10, or simply as the memory device or the device. Although the invention is described herein with reference to flash memory, it may also be applied to other types of memory, such as magnetic disks, optical CDs, and all other types of rewritable non-volatile memory systems.
Buffer management unit 14 includes a host direct memory access (HDMA) 32, a flash direct memory access (FDMA) 34, an arbiter 36, a buffer random access memory (BRAM) 38, and a crypto engine 40. Arbiter 36 is a shared bus arbiter, so that only one master or initiator (which may be HDMA 32, FDMA 34 or CPU 12) can be active at any time, and the slave or target is BRAM 38. The arbiter is responsible for channeling the appropriate initiator request to BRAM 38. HDMA 32 and FDMA 34 are responsible for the data transported between HIM 16, FIM 18 and BRAM 38 or the CPU random access memory (CPU RAM) 12a. The operation of HDMA 32 and FDMA 34 is conventional and need not be described in detail here. BRAM 38 is used to store data passed between host device 24 and flash memory 20. HDMA 32 and FDMA 34 are responsible for transferring data between HIM 16/FIM 18 and BRAM 38 or CPU RAM 12a, and for indicating sector completion.
In one embodiment, memory system 10 generates the key value(s) used for encryption and/or decryption, and such a value is preferably substantially inaccessible to external devices such as host device 24. Alternatively, the key value may be generated outside system 10 (for example by a license server) and sent to system 10. However the key value is generated, once it is stored in system 10 only authenticated entities can access it. Encryption and decryption are typically performed file by file, since the host device reads and writes data to memory system 10 in the form of files. Like many other types of storage device, memory device 10 does not manage files. Although memory 20 does store a file allocation table (FAT), in which the logical addresses of files are identified, the FAT is typically accessed and managed by host device 24 and not by controller 12. Therefore, to encrypt the data in a particular file, controller 12 must rely on the host device to send the logical addresses of the data of that file in memory 20, so that system 10 can find the data of the particular file and encrypt and/or decrypt it using the key value(s) available only to system 10.
To give both host device 24 and memory system 10 a handle for referring to the same key when cryptographically processing the data in a file, the host device provides a reference to each of the key values generated by system 10 or sent to system 10, and such a reference may simply be a key ID. Thus, host 24 associates each file to be cryptographically processed by system 10 with a key ID, and system 10 associates each key value used to cryptographically process data with the key ID provided by the host. When the host requests that data be cryptographically processed, it therefore sends the request to system 10 together with the key ID and the logical addresses of the data to be fetched from or stored in memory 20. System 10 generates or receives a key value, associates it with the key ID provided by host 24, and performs the cryptographic processing. In this way, no change need be made in the way memory system 10 operates, while it is allowed to use the key to control the cryptographic processing completely, including exclusive access to the key value. In other words, once the key value is stored in or generated by system 10, the system continues to allow host 24 to manage files through exclusive control of the FAT, while it retains exclusive control over the management of the key values used for cryptographic processing. After the key values are stored in memory system 10, host device 24 has no part in the management of the key values used for cryptographic processing of data.
The key ID provided by host 24 and the key value sent to or generated by the memory system form two attributes of a quantity referred to below, in one of the embodiments, as a "content encryption key" or CEK. Although host 24 may associate each key ID with one or more files, host 24 may also associate each key ID with unorganized data or with data organized in any manner, and is not limited to data organized into complete files.
In order to make user or application program obtain the access to protected content in the system 10 or zone, it will use to the voucher of system's 10 registered in advance and verify.Voucher interrelates with the access right of granting to specific user or application program with this voucher.In the registered in advance process, the identity of storage users of system 10 or application program and voucher and by the user or application program is definite and the record of the access right that the identity therewith that provides through main frame 24 and voucher are associated.After registered in advance is accomplished, when user or application requests write data into storer 20, it need provide its identity and voucher through host apparatus, be used for the key ID of enciphered data, and the logical address that will be stored through enciphered data.System 10 produces or receive key value also makes this value be associated with the key ID that is provided by host apparatus, and will be stored in its record that is directed against this user or application program to the key ID of the key value that is used for encrypting data to be written or show.It is followed enciphered data and will be stored in the place, address by the main frame appointment through the key value of enciphered data and generation or reception.
When a user or application requests to read encrypted data from memory 20, it must supply its identity and credential, the key ID of the key previously used to encrypt the requested data, and the logical addresses where the encrypted data is stored. System 10 then matches the user or application identity and credential supplied by the host against the identity and credential stored in its record. If they match, system 10 fetches from its memory the key value associated with the key ID supplied by the user or application, decrypts the data stored at the addresses designated by the host device with that key value, and sends the decrypted data to the user or application.
By separating the authentication of credentials from the management of the keys used for cryptographic processing, it becomes possible to share the right to access data without sharing credentials. A group of users or applications with different credentials can therefore access the same key for accessing the same data, while users outside the group have no access. Although all users or applications in the group can access the same data, they may still hold different rights: some may have read-only access, others write-only access, and still others both. Since system 10 keeps a record of user or application identities and credentials, of the key IDs they can access, and of the access rights associated with each key ID, system 10 can add or delete key IDs and change the access rights associated with such key IDs for a particular user or application, delegate access rights from one user or application to another, or even delete or add the records or tables for users or applications, all under the control of a properly authenticated host device. A stored record may specify that a secure channel is required for accessing certain keys. Authentication may be performed with symmetric or asymmetric algorithms as well as passwords.
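The record-keeping and access flow described above, modelled in Python as an added example that is not code from the patent or from SanDisk: the host side only ever handles key IDs and logical addresses, while the key values are generated inside the system and never returned. The class and method names (MemorySystem, register, write, read, delegate) and the SHA-256 keystream used as the stand-in cipher are assumptions for illustration; the user names, passwords and payload are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Added example, not the patent's code: a toy model of "system 10" keeping the
# identity/credential/key-ID records described above. Names are assumptions.


def _keystream_xor(key_value: bytes, logical_address: int, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 counter keystream bound to the logical address.
    It only stands in for the card's real cryptographic processing."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            key_value + logical_address.to_bytes(8, "big") + counter.to_bytes(4, "big")
        ).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class MemorySystem:
    """The card side: records, key values and storage. Only key IDs cross the
    host interface; key values never leave this object."""

    def __init__(self):
        self._storage = {}   # logical address -> stored (encrypted) bytes
        self._keys = {}      # key ID -> key value
        self._records = {}   # identity -> {"credential": digest, "rights": {key ID: ops}}

    def register(self, identity, credential, rights):
        """Pre-registration: identity, credential and per-key-ID access rights."""
        self._records[identity] = {
            "credential": hashlib.sha256(credential).digest(),
            "rights": {key_id: set(ops) for key_id, ops in rights.items()},
        }

    def _authorize(self, identity, credential, key_id, op):
        rec = self._records.get(identity)
        if rec is None:
            return False
        supplied = hashlib.sha256(credential).digest()
        if not hmac.compare_digest(rec["credential"], supplied):
            return False
        return op in rec["rights"].get(key_id, set())

    def write(self, identity, credential, key_id, logical_address, plaintext, key_value=None):
        """Host supplies identity, credential, key ID and address. The key value
        is generated here (or accepted once from the host) and then kept inside."""
        if not self._authorize(identity, credential, key_id, "write"):
            raise PermissionError("write refused")
        if key_id not in self._keys:
            self._keys[key_id] = key_value if key_value is not None else secrets.token_bytes(32)
        self._storage[logical_address] = _keystream_xor(self._keys[key_id], logical_address, plaintext)

    def read(self, identity, credential, key_id, logical_address):
        if not self._authorize(identity, credential, key_id, "read"):
            raise PermissionError("read refused")
        return _keystream_xor(self._keys[key_id], logical_address, self._storage[logical_address])

    def raw_read(self, logical_address):
        """What any FAT-level host sees: the stored bit values, not the content."""
        return self._storage.get(logical_address)

    def delegate(self, identity, credential, key_id, ops, to_identity):
        """A user may pass on rights it holds to a key ID; the grantee still
        authenticates with its own credential."""
        for op in ops:
            if not self._authorize(identity, credential, key_id, op):
                raise PermissionError("cannot delegate a right you do not hold")
        self._records[to_identity]["rights"].setdefault(key_id, set()).update(ops)


def demo():
    """Constructed scenario: two users share key ID 'key1' with different rights."""
    card = MemorySystem()
    card.register("user1", b"pw-user1", {"key1": {"read", "write"}})
    card.register("user2", b"pw-user2", {"key1": {"read"}})
    card.write("user1", b"pw-user1", "key1", 0x1000, b"payroll.csv contents")
    shared = card.read("user2", b"pw-user2", "key1", 0x1000)
    try:
        card.write("user2", b"pw-user2", "key1", 0x1000, b"tampered")
        write_refused = False
    except PermissionError:
        write_refused = True
    card.delegate("user1", b"pw-user1", "key1", {"write"}, "user2")
    card.write("user2", b"pw-user2", "key1", 0x1000, b"updated by user2")
    return shared, write_refused, card.read("user1", b"pw-user1", "key1", 0x1000), card.raw_read(0x1000)
```

The point of the model is the division of labour: the host's FAT still decides where bytes live, but nothing a host can read back from storage reveals the key value or the plaintext without a matching record.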
Of particular importance is the portability of the secured content in memory system 10. In embodiments where access to the key value is controlled by the memory system, the security of the content stored in the memory system, or in a storage device incorporating it, is preserved when the device is moved from one external system to another. Whether the key was generated by the memory system or originated outside it, an external system cannot access such content in system 10 unless it has been authenticated in a manner completely controlled by the memory system. Even after such authentication, access remains fully controlled by the memory system, and the external system can access the content only in the manner permitted by the records preset in the memory system. A request that does not comply with those records is refused.
To give greater flexibility in protecting content, it is envisioned that certain areas of the memory, referred to below as partitions, can be accessed only by properly authenticated users or applications. Combined with the key-based data encryption features described above, system 10 then provides greater data protection capability. As shown in FIG. 2, the storage capacity of flash memory 20 can be divided into several partitions: a user area or partition and custom partitions. The user area or partition P0 can be accessed by all users and applications without authentication. Although all bit values of the data stored in the user area can be read or written (in encrypted form) by any application or user, if the data read is encrypted, a user or application without the authority to decrypt it cannot access the information represented by the bit values stored in the user area. This is illustrated, for example, by files 102 and 104 stored in user area P0. Also stored in the user area are unencrypted files (for example 106), which can be read and understood by all applications and users. Encrypted files are therefore drawn symbolically with a lock associated with them, as for files 102 and 104.
Although encrypted files in user area P0 cannot be understood by unauthorized applications or users, such applications or users may still be able to delete or corrupt the files, which may be undesirable for some uses. For this purpose memory 20 also contains protected custom partitions, for example partitions P1 and P2, which cannot be accessed without prior authentication. The authentication process permitted in the embodiments of this application is explained below.
As also illustrated in FIG. 2, several users or applications may access files in memory 20. Thus users 1 and 2 and applications 1-4 (running on devices) are shown in FIG. 2. Before these entities are allowed to access protected content in memory 20, they are first authenticated through the process explained below. In this process the entity requesting access is identified on the host side so that role-based access control can be carried out. The entity requesting access therefore first identifies itself by supplying information such as "I am application 2 and I wish to read file 1". Controller 12 then matches the identity, the authentication information and the request against the records stored in memory 20 or in controller 12. If all requirements are met, access is granted to the entity. As shown in FIG. 2, user 1 is allowed to read from and write to file 101 in partition P1, but user 1 can only read files 102 and 104, in addition to having unrestricted rights to read from and write to file 106 in P0. User 2, on the other hand, is not allowed to access files 101 and 104, but has read and write access to file 102. As indicated in FIG. 2, users 1 and 2 have the same login algorithm (AES), while applications 1 and 3 have different login algorithms (for example RSA and 001001), which also differ from the login algorithm of users 1 and 2.
The Secure Storage Application (SSA) is a security application of memory system 10 and illustrates one embodiment of the invention; it can be used to implement many of the features identified above. The SSA may be embodied as software or computer code, with its database stored in memory 20 or in a non-volatile memory (not shown) of CPU 12, and is read into RAM 12a and executed by CPU 12. The acronyms used in reference to the SSA are set out in the following table:
Definitions, Acronyms and Abbreviations
ACR     Access Control Record
AGP     ACR Group
CBC     Chain Block Cipher
CEK     Content Encryption Key
ECB     Electronic Codebook
ACAM    ACR Attributes Management
PCR     Permissions Control Record
SSA     Secure Storage Application
Entity  Anything that has a real and individual existence (host side) that logs in to the SSA and thereby uses its functionality.
SSA system description
Data security, integrity and access control are the main roles of the SSA. The data are files that would otherwise be stored in the clear on some mass storage device. The SSA system sits on top of the storage system, adds a security layer to the stored host files, and provides its security functions through the security data structures described below.
The main task of the SSA is to manage the different rights associated with the stored (and secured) content in the memory. The storage application needs to manage multiple users and the content rights to multiple pieces of stored content. Host applications, from their side, see the drives and partitions that are visible to them, and the file allocation tables (FATs) that manage and describe the locations of the files stored on the storage device.
In this case the storage device uses a NAND flash chip divided into partitions, although other flash memory devices may also be used and are within the scope of the invention. These partitions are continuous threads of logical addresses, whose start and end addresses define their boundaries. Restrictions on access to hidden partitions can therefore be imposed, where desired, by software (for example software stored in memory 20) that ties such restrictions to the addresses within such boundaries. The SSA can fully distinguish partitions by the logical address boundaries of the partitions it manages. The SSA system uses partitions to physically protect data from unauthorized host applications. To the host, partitions are a mechanism for defining proprietary spaces in which to store data files. These partitions can be either public, where anyone with access to the storage device can see and be aware of the partition's presence on the device, or private or hidden, where only selected host applications can access them and are aware of their presence on the storage device.
FIG. 3 is a schematic view of a memory illustrating partitions P0, P1, P2 and P3 of the memory (obviously fewer or more than four partitions may be used), where P0 is a public partition that can be accessed by any entity without authentication.
A private partition (for example P1, P2 or P3) hides access to the files inside it. By preventing the host from accessing the partition, the flash device (for example a flash card) protects the data files within the partition. This protection, however, covers all files residing in the hidden partition, because it restricts access to the data stored at the logical addresses within the partition. In other words, the restriction is tied to a range of logical addresses. All users or hosts that can access the partition have unrestricted access to all files inside it. To isolate different files (or groups of files) from one another, the SSA system uses keys and key references or key IDs to provide another level of security and integrity per file or group of files. The key reference or key ID of a particular key value used to encrypt data at different memory addresses can be thought of as a container or domain holding the encrypted data. For this reason, in FIG. 4 the key references or key IDs (for example "key 1" and "key 2") are drawn graphically as areas surrounding the files encrypted with the key values associated with those key IDs.
Referring to FIG. 4, for instance, file A can be accessed by all entities without authentication, since it is shown as not enclosed by any key ID. Although file B in the public partition can be read or overwritten by all entities, it contains data encrypted with the key having ID "key 1", so the information contained in file B cannot be accessed by an entity unless that entity has access to that key. In this way the use of key values and key references or key IDs provides only logical protection, in contrast to the kind of protection provided by the partitions described above. Any host that can access a partition (public or private) can therefore read or write data anywhere in that partition, including the encrypted data. However, because the data is encrypted, an unauthorized user can only corrupt it, and preferably cannot alter the data without being detected. By restricting access to the encryption and/or decryption keys, this feature allows only authorized entities to use the data. Files B and C in P0 are also encrypted with the key having key ID "key 2".
Data confidentiality and integrity can be provided by a symmetric encryption method using content encryption keys (CEKs), one CEK per protected item (the "per-CEK method"). In the SSA embodiment, the key value in a CEK is generated or received by the flash device (for example a flash card), used only internally, and kept secret from the outside world. The encrypted or ciphered data may also be hashed or chain-block ciphered to ensure data integrity.
Not all data in a partition is associated with different keys and key IDs. Some logical addresses, whether in public or user files or in the operating system area (that is, the FAT), may not be associated with any key or key reference, and are therefore available to any entity that can access the partition itself.
An entity that invokes the ability to create keys and partitions, to write and read data from them, or to use the keys must log on to the SSA system through an Access Control Record (ACR). The privileges of an ACR in the SSA system are called actions. Each ACR may have permissions to perform actions in the following three categories: creating partitions and keys/key IDs, accessing partitions and keys, and creating/updating other ACRs.
ACRs are organized in groups called ACR Groups or AGPs. Once an ACR has been successfully authenticated, the SSA system opens a session through which any of the ACR's actions can be executed. ACRs and AGPs are security data structures used to control access to partitions and keys according to their policies.
User partition
The SSA system manages one or more public partitions, also called user partitions. This partition exists on the storage device and is accessed through the standard read and write commands of the storage device. Information about the partition's size and its existence on the device preferably cannot be hidden from the host system.
The SSA system allows this partition to be accessed either through the standard read/write commands or through SSA commands. Access to the partition therefore preferably cannot be restricted to specific ACRs. The SSA system can, however, let host devices restrict access to the user partition. Read and write access can be enabled or disabled individually. All four combinations are allowed (for example write only, read only (write protect), read and write, and no access).
The SSA system allows ACRs to associate key IDs with files in the user partition and to encrypt individual files with the keys associated with those key IDs. Accessing the encrypted files within the user partition, and setting the access rights to the partition, is done with the SSA command set. The above features also apply to data that is not organized into files.
SSA partitions
These are hidden partitions (hidden from unauthorized parties) that can only be accessed through SSA commands. The SSA system preferably will not allow a host device to access an SSA partition other than through a session (described below) established by logging on to an ACR. Likewise, the SSA preferably will not provide information about the existence, size and access permissions of an SSA partition unless the request arrives through an established session.
Access rights to partitions derive from the ACR permissions. Once an ACR has logged on to the SSA system, it can share a partition with other ACRs (described below). When a partition is created, the host provides a reference name or ID for it (for example P0-P3 in FIGS. 3 and 4). This reference is used in subsequent read and write commands to the partition.
Partitioning the storage device
All available storage capacity of the device is preferably allocated to the user partition and the currently configured SSA partitions. Any repartitioning operation may therefore involve reconfiguring the existing partitions. The net change to the device capacity (the sum of the sizes of all partitions) is zero. The IDs of the partitions in the device memory space are defined by the host system.
The host system can either split one of the existing partitions into two smaller partitions or merge two existing partitions (which may or may not be adjacent) into one. The data in the split or merged partitions can be erased or left untouched, at the host's discretion.
Because repartitioning the storage device may cause data loss (either because data is erased or because it is moved around in the logical address space of the storage device), the SSA system imposes strict restrictions on repartitioning. Only an ACR residing in a root AGP (explained below) is allowed to issue a repartition command, and it can only reference partitions it owns. Since the SSA system does not know how data is organized within the partitions (FAT or other file system structure), it is the host's responsibility to rebuild these structures whenever the device is repartitioned.
Repartitioning the user partition changes the size and other attributes of this partition as seen by the host OS.
After repartitioning, it is the host system's responsibility to ensure that no ACR in the SSA system references a partition that no longer exists. If such ACRs are not deleted or updated appropriately, future attempts by them to access the non-existent partitions will be detected and rejected by the system. Similar care is taken with deleted keys and key IDs.
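A toy partition table that exercises the rules in this section (public partition accessible without a session, hidden partitions only through an ACR's permissions, repartitioning limited to a root-AGP ACR that owns the partition, zero net capacity change, and detection of references to partitions that no longer exist). This is an added example, not code from the patent or from SanDisk; the class, its method names, the session dictionary layout and the `_root_agp` flag are assumptions, and the example simplifies merging to adjacent partitions so the result stays one contiguous address range.

```python
# Added example, not the patent's code: a toy partition table with the
# properties described in the text. Names and the session layout are assumptions.
# A "session" here is the logged-in ACR's permissions: {partition: {"read","write"}},
# plus "_root_agp": True when the ACR lives in a root AGP.


class PartitionTable:
    """Partitions are contiguous logical address ranges [start, end) that
    together cover the whole device; P0 is public, the rest are hidden."""

    def __init__(self, capacity, public="P0"):
        self.capacity = capacity
        self.public = public
        self.parts = {public: (0, capacity)}   # name -> (start, end)

    def total(self):
        return sum(end - start for start, end in self.parts.values())

    def find(self, address):
        for name, (start, end) in self.parts.items():
            if start <= address < end:
                return name
        raise ValueError("address outside device")

    def check_access(self, address, op, session=None):
        """Public partition: standard read/write, no authentication needed.
        Hidden partition: only through a session whose ACR lists it."""
        name = self.find(address)
        if name == self.public:
            return True
        if session is None:
            return False
        return op in session.get(name, set())

    def _check_repartition(self, name, session):
        if not session.get("_root_agp"):
            raise PermissionError("only an ACR in the root AGP may repartition")
        if name != self.public and "write" not in session.get(name, set()):
            raise PermissionError("ACR does not own this partition")

    def split(self, name, new_name, at, session):
        """Split one partition into two; the creator gets rights on the new one."""
        self._check_repartition(name, session)
        start, end = self.parts[name]
        if not start < at < end or new_name in self.parts:
            raise ValueError("bad split point or duplicate name")
        self.parts[name] = (start, at)
        self.parts[new_name] = (at, end)
        session.setdefault(new_name, set()).update({"read", "write"})

    def merge(self, a, b, session):
        """Merge b into a. The text allows non-adjacent partitions; this toy
        keeps to adjacent ones so the merged range stays contiguous."""
        self._check_repartition(a, session)
        self._check_repartition(b, session)
        start_a, end_a = self.parts[a]
        start_b, end_b = self.parts[b]
        if end_a != start_b:
            raise ValueError("this example only merges adjacent partitions")
        del self.parts[b]
        self.parts[a] = (start_a, end_b)
        session.pop(b, None)

    def dangling(self, session):
        """References in an ACR's permissions to partitions that no longer exist."""
        return sorted(p for p in session if not p.startswith("_") and p not in self.parts)


def demo():
    """Constructed scenario on a 1024-address device."""
    table = PartitionTable(capacity=1024)
    root = {"_root_agp": True}
    table.split("P0", "P1", 768, root)     # P0 [0,768), P1 [768,1024)
    table.split("P1", "P2", 896, root)     # P1 [768,896), P2 [896,1024)
    other = {"P2": {"read"}}               # a non-root ACR allowed to read P2
    results = {
        "total": table.total(),
        "public_no_session": table.check_access(10, "write"),
        "hidden_no_session": table.check_access(800, "read"),
        "hidden_with_right": table.check_access(900, "read", other),
        "hidden_wrong_op": table.check_access(900, "write", other),
    }
    try:
        table.split("P2", "P3", 960, other)
        results["non_root_refused"] = False
    except PermissionError:
        results["non_root_refused"] = True
    table.merge("P1", "P2", root)          # P2 disappears; capacity unchanged
    results["total_after_merge"] = table.total()
    results["dangling"] = table.dangling(other)   # 'other' still names P2
    return results
```

The `dangling` check is the host-side responsibility the paragraph above describes: after a merge, the non-root ACR still lists P2, and the system would reject its next access to that range.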
Keys, key IDs and logical protection
When a file is written to a hidden partition, it is hidden from the general public. But once an entity (hostile or not) gains knowledge of and access to that partition, the file becomes available and plainly visible. To protect the file further, the SSA can encrypt it within the hidden partition, where the credentials for accessing the key used to decrypt the file are preferably different from those used to access the partition. Because files are entirely controlled and managed by the host, associating a CEK with a file is a problem. Linking the file to something the SSA recognizes, the key ID, corrects this. Thus, when the SSA creates a key, the host associates the key ID of that key with the data encrypted using the key created by the SSA. If the key is sent to the SSA together with a key ID, the key and the key ID are readily associated with one another.
Key values and key IDs provide logical security. All data associated with a given key ID, regardless of its location, is ciphered with the same key value in the content encryption key (CEK), whose reference name or key ID is uniquely provided by the host application at creation. If an entity obtains access to a hidden partition (by authenticating through an ACR) and wishes to read or write an encrypted file within that partition, it needs access to the key ID associated with that file. When granting access to the key for that key ID, the SSA loads the key value in the CEK associated with the key ID and either decrypts the data before sending it to the host or encrypts the data before writing it to flash memory 20. In one embodiment the key value in the CEK associated with a key ID is created at random by the SSA system once and is maintained by the SSA system. Nobody outside the SSA system has knowledge of, or access to, this key value in the CEK. The outside world only provides and uses a reference or key ID, not the key value in the CEK. The key value is managed entirely by the SSA and is preferably accessible only to the SSA. Alternatively, the key may be supplied to the SSA system.
The SSA system protects the data associated with a key ID using any one (user defined) of the following cipher modes (the actual cryptographic algorithm used, and the key value in the CEK, are controlled by the system and not disclosed to the outside world):
Block mode: data is divided into blocks, each of which is encrypted individually. This mode is generally considered less secure and susceptible to dictionary attacks. However, it allows the user to randomly access any one of the data blocks.
Chained mode: data is divided into blocks, which are chained during the encryption process. Each block is used as one of the inputs to the encryption of the next block. In this mode (although considered more secure) the data must be written and read sequentially from start to end, creating an overhead that may not be acceptable to the user.
Hashed: chained mode with the additional creation of a data digest that can be used to validate data integrity.
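The three modes side by side, as an added example that is not code from the patent or from SanDisk. The block cipher is a toy 16-byte Feistel network built from SHA-256, an assumption standing in for whichever cipher the device actually uses; the sample plaintext and the bit flip are constructed. It shows why block mode is called weaker (identical plaintext blocks produce identical ciphertext blocks), that chained mode hides that pattern at the cost of sequential processing, and how a chained digest detects a modified block.

```python
import hashlib
import secrets

# Added example, not the patent's code. Toy 16-byte Feistel block cipher
# (SHA-256 round function) used only to illustrate the three modes above.

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network over two 8-byte halves (toy, not for real use)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return r + l


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = r, _xor(l, _round(key, i, r))
    return r + l


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example expects block-aligned data"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """Block mode: every block on its own, so equal plaintext blocks give
    equal ciphertext blocks, but any block can be read at random."""
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def ecb_decrypt(key, data):
    return b"".join(block_decrypt(key, b) for b in _blocks(data))


def cbc_encrypt(key, iv, data):
    """Chained mode: each ciphertext block feeds the next, so the data must
    be processed in order from the start."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def chain_digest(data: bytes) -> bytes:
    """Hashed mode: a running SHA-256 over the ciphertext blocks yields a
    digest the device can store and later compare to detect modification."""
    h = b"\x00" * 32
    for c in _blocks(data):
        h = hashlib.sha256(h + c).digest()
    return h


def demo():
    key = secrets.token_bytes(32)
    iv = secrets.token_bytes(BLOCK)
    plaintext = b"REPEATED-BLOCK!!" * 4      # four identical blocks (constructed)
    ecb = ecb_encrypt(key, plaintext)
    cbc = cbc_encrypt(key, iv, plaintext)
    digest = chain_digest(cbc)
    tampered = bytearray(cbc)
    tampered[20] ^= 0x01                      # flip one bit in the second block
    return {
        "ecb_distinct_blocks": len(set(_blocks(ecb))),   # 1: pattern leaks
        "cbc_distinct_blocks": len(set(_blocks(cbc))),   # 4: pattern hidden
        "ecb_roundtrip": ecb_decrypt(key, ecb) == plaintext,
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == plaintext,
        "tamper_detected": chain_digest(bytes(tampered)) != digest,
    }
```

The integrity digest is what the text refers to when it says the hashed mode lets the device detect alteration rather than merely making the content unreadable; without it, an entity with partition access could corrupt blocks unnoticed.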
ACRs and access control
The SSA is designed to handle multiple applications, each of which is represented in the system database as a tree of nodes. Mutual exclusion between the applications is achieved by ensuring that there is no cross-talk between the branches of the tree.
To gain access to the SSA system, an entity must connect through one of the system's ACRs. The SSA system administers the login procedure according to the definitions embedded in the ACR the user chose to connect with.
An ACR is an individual login point into the SSA system. The ACR holds the login credentials and the authentication method. Also residing in the same record are the login permissions within the SSA system, among which are the read and write privileges. This is illustrated in FIG. 5, which shows n ACRs in the same AGP. This means that at least some of the n ACRs can share access to the same key. Thus ACR #1 and ACR #n share access to the key with key ID "key 3", where ACR #1 and ACR #n are ACR IDs and "key 3" is the key ID of the key used to encrypt the data associated with "key 3". The same key can also be used to encrypt and/or decrypt multiple files, or multiple sets of data.
The SSA system supports several types of login to the system, in which the authentication algorithm and the user's credentials may vary, as may the user's privileges in the system once the user has logged in successfully. FIG. 5 again illustrates different login algorithms and credentials. ACR #1 specifies a password login algorithm with a password as the credential, while ACR #2 specifies a PKI (Public Key Infrastructure) login algorithm with a public key as the credential. To log in, an entity must therefore present a valid ACR ID together with the correct login algorithm and credential.
Once an entity has logged on to an ACR of the SSA system, its permissions (its rights to use SSA commands) are defined in the Permissions Control Record (PCR) associated with that ACR. In FIG. 5, according to the PCRs shown, ACR #1 grants read-only permission to the data associated with "key 3", and ACR #2 grants permission to read and write the data associated with "key 5".
Different ACRs may share common interests and privileges in the system, for example the keys used to read and write. To achieve this, ACRs with something in common are grouped into AGPs, ACR Groups. Thus ACR #1 and ACR #n share access to the key with key ID "key 3".
AGPs and the ACRs within them are organized in hierarchical trees, so that besides creating secure keys that keep sensitive data secure, an ACR can preferably also create other ACR entries corresponding to its key IDs/partitions. These child ACRs have the same or fewer permissions than their parent (the creator), and may be given permissions to the keys the parent ACR created itself. Needless to say, a child ACR obtains access permissions to any keys it creates. This is illustrated in FIG. 6. Thus all ACRs in AGP 120 were created by ACR 122, and two of those ACRs inherit from ACR 122 the permission to access data associated with "key 3".
AGP
Logging on to the SSA system is done by specifying an AGP and an ACR within that AGP.
Every AGP has a unique ID (reference name), which serves as the index to its entry in the SSA database. The AGP name is provided to the SSA system when the AGP is created. If the supplied AGP name already exists in the system, the SSA rejects the create operation.
AGPs are used to administer restrictions on the delegation of access and management permissions, as described in the following paragraphs. One of the functions served by the two trees in FIG. 6 is to administer access by entirely separate entities (for example two different applications, or two different computer users). For such purposes it may be important that the two access processes are substantially independent of one another (that is, with substantially no cross-talk), even if both take place at the same time. This means that the authentication, the permissions and the creation of additional ACRs and AGPs in each tree are unconnected to, and do not depend on, the authentication, permissions and creation of additional ACRs and AGPs in the other tree. Thus, when the SSA system is used in memory system 10, it allows memory system 10 to serve multiple applications simultaneously. It also allows two applications to access two separate sets of data (for example a set of photographs and a set of songs) independently of one another. This is illustrated in FIG. 6. Thus the data associated with "key 3", "key X" and "key Z", accessed by the application or user through the nodes (ACRs) of the tree in the upper part of FIG. 6, may comprise photographs, while the data associated with "key 5" and "key Y", accessed by the application or user through the nodes (ACRs) of the tree in the lower part of FIG. 6, may comprise songs. The ACR that created an AGP has permission to delete that AGP only when the AGP contains no ACR entries.
The entity's entry point into the SSA: Access Control Record (ACR)
An ACR in the SSA system describes the way an entity is permitted to log in to the system. When an entity logs in to the SSA system, it must specify the ACR corresponding to the authentication process it is about to perform. The ACR includes a Permissions Control Record (PCR) describing the actions the user is permitted to execute once authenticated, as defined in the ACR illustrated in FIG. 5. All ACR data fields are supplied by the host-side entity.
When an entity has successfully logged on to an ACR, it can query all of the ACR's partition and key access permissions and its ACAM permissions (explained below).
ACR ID
When an SSA system entity initiates the login process, it must specify the ACR ID (supplied by the host when the ACR was created) corresponding to the login method, so that the SSA sets up the correct algorithm and selects the correct PCR once all login requirements are met. The ACR ID is provided to the SSA system when the ACR is created.
Login/verification algorithm
The authentication algorithm specifies what kind of login procedure the entity uses and what kind of credential is required as proof of the user's identity. The SSA system supports several standard login algorithms, ranging from no procedure (and no credential) and password-based procedures to two-way authentication protocols based on symmetric or asymmetric cryptography.
Credentials
The entity's credentials correspond to the login algorithm and are used by the SSA to verify and authenticate the user. Examples of credentials are a password/PIN number for password authentication, an AES key for AES authentication, and so on. The type/format of the credential (PIN, symmetric key, etc.) is predefined and derived from the authentication mode; it is provided to the SSA system when the ACR is created. The SSA system has no part in defining, distributing and managing these credentials, with the exception of PKI authentication, where the device (for example a flash card) can be used to generate the RSA or other type of key pair and the public key can be exported for certificate generation.
Permissions Control Record (PCR)
The PCR sets out what is granted to the entity after it has logged in to the SSA system and successfully passed the ACR's authentication process. There are three categories of permission: creation permissions for partitions and keys, access permissions to partitions and keys, and management permissions for the entity's ACR attributes.
Accessing partitions
This section of the PCR contains the list of partitions (by the IDs supplied to the SSA system) that the entity can access after successfully completing the ACR phase. For each partition the access type can be restricted to write-only or read-only, or full write/read access can be specified. Thus ACR #1 in FIG. 5 can access partition #2 but not partition #1. The restrictions specified in the PCR apply to the SSA partitions and to the public partition.
The public partition can be accessed either by regular read and write commands to the device (for example a flash card) hosting the SSA system, or by SSA commands. When a root ACR (explained below) is created with the permission to restrict the public partition, it can pass that permission on to its children. An ACR can preferably only restrict the regular read and write commands from accessing the public partition. ACRs in the SSA system can preferably be restricted only when they are created. Once an ACR has permission to read from or write to the public partition, that permission preferably cannot be taken away.
Accessing key IDs
This section of the PCR contains the data associated with the list of key IDs (as supplied to the SSA system by the host) that the entity can access once its login process has satisfied the ACR's policies. The key IDs specified are associated with files residing in the partitions that appear in the PCR. Since key IDs are not tied to logical addresses in the device (for example a flash card), when more than one partition is associated with a given ACR the files can be in any of those partitions. Each key ID specified in the PCR can have a different set of access rights. Access to the data referenced by a key ID can be restricted to write-only or read-only, or full write/read access can be specified.
ACR Attributes Management (ACAM)
This paragraph is described the system property that can how to change ACR in some cases.
The ACAM actions that may be permitted in the SSA system are:
1. Create/delete/update AGPs and ACRs.
2. Create/delete partitions and keys.
3. Delegate access rights to keys and partitions.
A parent ACR preferably cannot edit ACAM permissions; doing so would preferably require deleting and recreating the ACR. Likewise, the access permission to a key ID created by an ACR preferably cannot be taken away.
An ACR may have the ability to create other ACRs and AGPs. Creating an ACR also means delegating to it some or all of the ACAM permissions held by its creator. Having permission to create ACRs means having permission for the following actions:
1. voucher-the verification method of definition and editor's filial generation is preferably in case just can not be edited through creating the ACR setting.Can in the border of the verification algorithm that has defined to filial generation, change voucher.
2. delete ACR.
3. authorize establishment permission to filial generation ACR (therefore have grandson generation).
ACR with permission of creating other ACR has the permission (although it possibly not have the permission that ACR is lifted a blockade) of authorizing the permission of lifting a blockade to its ACR that creates.Parent ACR will be placed on the reference to its person of lifting a blockade among the filial generation ACR.
Parent ACR is the unique ACR with permission of its filial generation of deletion ACR.When the ACR of the lower level of its establishment of ACR deletion, the then also deletion automatically of all ACR that produces of lower level ACR thus.When deletion ACR, then delete all key IDs and the subregion of its establishment.
There are renewable himself two exceptions of record of ACR:
1. password/PIN (although being set by founder ACR) only can be upgraded by the ACR that comprises it.
2. root ACR can delete itself and its AGP that exists that stays.
Delegating Access Rights to Keys and Partitions
ACRs and their AGPs are assembled into hierarchical trees in which the root AGP and the ACRs inside it sit at the top of the tree (for example, root AGPs 130 and 132 in Fig. 6). There can be several AGP trees in the SSA system, but they are completely separate from one another. An ACR within an AGP can delegate access permissions to its keys to all ACRs in the same AGP and to all ACRs created by them. The permission to create keys preferably includes the permission to delegate access permissions to those keys.
Permissions to a key fall into three categories:
1. Access. This defines the access permissions for the key, i.e. read and write.
2. Ownership. By definition, the ACR that created a key is its owner. Ownership can be delegated from one ACR to another, provided the other ACR is in the same AGP or in a child AGP. Ownership of a key carries the permission to delete the key and to delegate permissions to it.
3. Access-rights delegation. This permission enables the ACR to delegate the rights it holds.
An ACR can delegate access permissions to the partitions it created and to other partitions it has access permissions to.
Delegation is carried out by adding the partition names and key IDs to the designated ACR's PCR. Key access permissions may be delegated either by key ID or by stating that the access permission covers all keys created by the delegating ACR.
Blocking and Unblocking of ACRs
An ACR may have a blocking counter, which is incremented each time the entity's ACR authentication with the system fails. When a certain maximum number (MAX) of unsuccessful authentications is reached, the SSA system blocks the ACR.
A blocked ACR can be unblocked by another ACR that is referenced by the blocked ACR. The reference to the unblocking ACR is set by the blocked ACR's creator. The unblocking ACR is preferably in the same AGP as the creator of the blocked ACR and holds the "unblock" permission.
No other ACR in the system can unblock the blocked ACR. An ACR may be configured with a blocking counter but without an unblocker ACR. In that case, if the ACR is blocked, it cannot be unblocked.
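The blocking and unblocking rules above, shown as an added Python example that is not part of the patent or of SanDisk's SSA implementation. MAX_FAILED, the PIN credential, the ACR names and the "unblock" permission string are this example's assumptions; what it shows is that the counter, the creator-placed reference and the same-AGP rule together decide who can recover a blocked ACR, and that an ACR created without a reference stays blocked.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

MAX_FAILED = 3  # assumed MAX; the SSA lets the creator pick the value


@dataclass
class ACR:
    name: str
    agp: str                                  # AGP the ACR belongs to
    pin: str                                  # credential (a PIN is assumed here)
    permissions: Set[str] = field(default_factory=set)
    unblocker: Optional["ACR"] = None         # reference placed by the creator
    failed: int = 0
    blocked: bool = False

    def authenticate(self, pin: str) -> bool:
        """Failed attempts increment the counter; MAX failures block the ACR."""
        if self.blocked:
            return False
        if pin == self.pin:
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_FAILED:
            self.blocked = True
        return False


def set_unblocker(creator: ACR, child: ACR, unblocker: ACR) -> None:
    """The creator places the unblocker reference in the child. The unblocker
    must sit in the creator's AGP and hold the "unblock" permission."""
    if unblocker.agp != creator.agp or "unblock" not in unblocker.permissions:
        raise PermissionError("unblocker must be in the creator's AGP with unblock permission")
    child.unblocker = unblocker


def unblock(requester: ACR, target: ACR) -> bool:
    """Only the ACR referenced by the blocked ACR may clear the block."""
    if target.unblocker is None or requester is not target.unblocker:
        return False
    target.blocked = False
    target.failed = 0
    return True


def demo() -> Tuple[bool, bool, bool, bool, bool]:
    m1 = ACR("m1", "marketing", pin="1111", permissions={"create_acr"})
    helpdesk = ACR("helpdesk", "marketing", pin="2222", permissions={"unblock"})
    s1 = ACR("s1", "sales", pin="3333")
    set_unblocker(m1, s1, helpdesk)
    s2 = ACR("s2", "sales", pin="4444")      # counter but no unblocker reference

    for _ in range(MAX_FAILED):              # MAX wrong PINs against each ACR
        s1.authenticate("0000")
        s2.authenticate("0000")
    both_blocked = s1.blocked and s2.blocked
    creator_fails = unblock(m1, s1)          # the creator is not the unblocker
    unblocked = unblock(helpdesk, s1)        # the referenced unblocker succeeds
    s1_back = s1.authenticate("3333")        # s1 logs in again with the right PIN
    stuck = unblock(helpdesk, s2)            # no reference: nobody can unblock s2
    return both_blocked, creator_fails, unblocked, s1_back, stuck


if __name__ == "__main__":
    print(demo())
```

The creator check in set_unblocker is where the "same AGP as the creator" rule lives; moving the helpdesk ACR into another AGP makes the call raise, which is the configuration mistake this rule is meant to prevent.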
Root AGP: Creating an Application Database
The SSA system is designed to handle multiple applications and to keep the data of each one isolated. The tree structure of the AGP system is the main tool for identifying and isolating application-specific data. The root AGP sits at the tip of an application's SSA database tree and follows somewhat different rules of behaviour. Several root AGPs can be configured in the SSA system. Two root AGPs, 130 and 132, are shown in Fig. 6. Obviously, fewer or more AGPs may be used, and this is within the scope of the invention.
Registering the device (for example, a flash card) for a new application, and/or issuing the credentials of a new application to the device, is done through the process of adding a new AGP/ACR tree to the device.
The SSA system supports three different modes of root AGP creation (covering the creation of all the ACRs of the root AGP and their permissions as well):
1. Open: any user or entity, without any kind of authentication, or any user or entity authenticated through the System ACR (explained below), can create a new root AGP. Open mode enables a root AGP to be created either with no security measures at all, with all data transfer taking place on an open channel (i.e. in the secure environment of an issuance agency), or through a secure channel established via System ACR authentication (i.e. over-the-air (OTA) and post-issuance procedures).
If the System ACR is not configured (it is an optional feature) and the root AGP creation mode is set to Open, only the open-channel option is available.
2. Controlled: only entities authenticated through the System ACR can create a new root AGP. The SSA system cannot be set to this mode if the System ACR is not configured.
3. Locked: creation of root AGPs is disabled, and no further root AGPs can be added to the system.
Two SSA commands control this feature (both are available to any user or entity without authentication):
1. Method configuration command. Used to configure the SSA system to use any one of the three root AGP creation modes. Only the following mode changes are allowed: Open -> Controlled, Controlled -> Locked (i.e. if the SSA system is currently configured as Controlled, it can only be changed to Locked).
2. Method configuration disable command. Used to disable the method configuration command and permanently lock in the currently selected mode.
When a root AGP is created, it is in a special initialization mode that allows its ACRs to be created and configured (subject to the same access restrictions that applied to creating the root AGP). At the end of the root AGP configuration process, when the entity explicitly switches it to operating mode, the existing ACRs can no longer be updated and no additional ACRs can be created.
Once a root AGP has been placed in standard mode, it can be deleted only by logging into the system through one of its ACRs that has been assigned the permission to delete the root AGP. Besides the special initialization mode, this is another exception for root AGPs: a root AGP is preferably the only AGP that may contain an ACR with permission to delete its own AGP, in contrast to AGPs at the next level of the tree.
The third and final difference between a root ACR and a standard ACR is that a root ACR is the only ACR in the system that can have the permission to create and delete partitions.
SSA System ACR
The System ACR can be used for the following two SSA operations:
1. Creating an ACR/AGP tree under the protection of a secure channel in a hostile environment.
2. Identifying and authenticating the device that hosts the SSA system.
Preferably there can be only one System ACR in the SSA, and once defined it preferably cannot be changed. No system authentication is needed to create the System ACR; only an SSA command is required. The create-System-ACR feature can be disabled (similarly to the create-root-AGP feature). After the System ACR has been created, the create-System-ACR command has no effect, since preferably only one System ACR is allowed.
While it is being created, the System ACR is not operational. On completion, a special command must be issued indicating that the System ACR has been created and is ready to operate. After this point the System ACR preferably cannot be updated or replaced.
The System ACR creates the root ACR/AGP in the SSA. It has permission to add to or change the root level until the host is satisfied with it and blocks it. Blocking the root AGP essentially cuts its connection to the System ACR and makes it tamper-proof. From that point on, no one can change or edit the root AGP and the ACRs inside it. This is done through an SSA command. Disabling the creation of root AGPs has a permanent effect and cannot be reversed. The features involving the System ACR described above are illustrated in Fig. 7. The System ACR is used to create three different root AGPs. At some time after these root AGPs have been created, the SSA command is sent from the host to block the root AGPs from the System ACR, thereby disabling the create-root-AGP feature, as indicated by the dotted lines connecting the System ACR to the root AGPs in Fig. 7. This makes the three root AGPs tamper-proof. Before or after the root AGPs are blocked, the three root AGPs can be used to create child AGPs, forming three separate trees.
The features described above give content owners great flexibility in configuring secure products carrying content. Secure products need to be "issued". Issuance is the process of installing identification keys by which the device can identify the host and vice versa. Identifying the device (for example, a flash card) lets the host decide whether it can trust the device with its secrets. Conversely, identifying the host lets the device enforce its security policies (granting and executing a particular host command) only when the host is allowed to perform the action.
Products designed to serve multiple applications will have several identification keys. A product can be "pre-issued", with keys stored during manufacturing before shipment, or "post-issued", with new keys added after shipment. For post-issuance, the memory device (for example, a memory card) needs to contain some kind of master or device-level key that can be used to identify the entities allowed to add applications to the device.
The features described above allow a product to be configured to enable or disable post-issuance. Moreover, post-issuance configuration can be done securely after shipment. The device can be bought as a retail product with no keys on it other than the master or device-level key described above, and then be further configured by its new owner either to enable further post-issuance of applications or to disable it.
The System ACR feature therefore provides the means to achieve these goals:
- A memory device with no System ACR allows unlimited and uncontrolled addition of applications.
- A memory device with no System ACR can be configured so that creation of the System ACR is disabled, which means there is no way to control the addition of new applications (unless the feature for creating new root AGPs is disabled as well).
- A memory device with a System ACR allows applications to be added only in a controlled way, via a secure channel established through an authentication procedure using the System ACR credentials.
- A memory device with a System ACR can be configured to disable the application-adding feature, either before or after applications have been added.
The Key ID List
Key IDs are created at the request of a specific ACR; however, within memory system 10 they are used solely by the SSA system. When a key ID is created, the creating ACR provides, or is provided with, the following data:
1. Key ID. The ID is provided by the entity through the host, and is used in all further read or write accesses to reference the key and the data that is encrypted or decrypted with it.
2. Key cipher and data integrity mode (the blocked, chained and hashed modes explained above and below).
In addition to the host-provided attributes, the following data is maintained by the SSA system:
1. Key ID owner. The ID of the ACR that owns the key ID. When a key ID is created, the creating ACR is its owner. Ownership of a key ID may, however, be transferred to another ACR. Preferably only the key ID owner is allowed to transfer ownership of the key ID and to delegate it. Delegating access permissions to the associated key, and revoking those rights, can be administered by the key ID owner or by any other ACR that has been assigned delegation permission. Whenever an attempt is made to perform any of these operations, the SSA system grants it only if the requesting ACR is authorized.
2. CEK. This is the CEK whose key value is used to encrypt the content associated with or pointed to by the key ID. The key value can be a 128-bit AES random key generated by the SSA system.
3. MAC and IV values. Dynamic information (message authentication codes and initialization vectors) used by the cipher block chaining (CBC) encryption algorithms.
The various features of the SSA are also illustrated by the flowcharts of Figs. 8A-16, where an "H" to the left of a step means the operation is performed by the host, and a "C" means it is performed by the card. Although these SSA features are described with reference to memory cards, it will be understood that they apply equally to memory devices of other physical forms. To create the System ACR, the host issues a create-System-ACR command to the SSA in memory device 10 (block 202). Device 10 responds by checking whether a System ACR already exists (block 204, diamond 206). If it does, device 10 returns a failure and stops (oval 208). If it does not, memory device 10 checks whether System ACR creation is allowed (diamond 210), and returns a failure status if it is not (block 212). There can therefore be cases where the device issuer does not allow a System ACR to be created, for example where the required security features have been predetermined so that no System ACR is needed. If System ACR creation is allowed, device 10 returns an OK status and waits for the System ACR credentials from the host (block 214). The host checks the SSA status and whether device 10 has indicated that creating the System ACR is allowed (block 216 and diamond 218). If creation is not allowed, or a System ACR already exists, the host stops (oval 220). If device 10 has indicated that the System ACR may be created, the host issues an SSA command defining its login credentials and sends them to device 10 (block 222). Device 10 updates the System ACR record with the credentials received and returns an OK status (block 224). In response to this status, the host issues an SSA command indicating that the System ACR is ready (block 226). Device 10 responds by locking the System ACR so that it cannot be updated or replaced (block 228). This locks in the features of the System ACR and its use for identifying device 10 to the host.
The procedure for creating a new tree (a new root AGP and its ACRs) is determined by the way the device has been configured through these functions. Fig. 9 illustrates the procedure, which both host 24 and memory system 10 follow. If adding a new root AGP has been disabled altogether, no new root AGP can be added (diamond 246). If it is enabled but requires the System ACR, the host authenticates through the System ACR and establishes a secure channel (diamond 250, block 252) before issuing the create-root-AGP command (block 254). If the System ACR is not required (diamond 248), host 24 can issue the create-root-AGP command without authenticating and proceeds to block 254. If a System ACR does exist, the host may use it even when it is not required (not shown in the flowchart). The device (for example, a flash card) rejects any attempt to create a new root AGP if the function is disabled, and rejects an attempt to create a new root AGP without authentication if the System ACR is required (diamonds 246 and 250). The new AGP and ACRs created in block 254 are then switched to operating mode, so that the ACRs in that AGP can no longer be updated or otherwise changed, and no ACRs can be added to it (block 256). The system is then optionally locked so that no additional root AGPs can be created (block 258). The dotted box 258 is a convention indicating that this step is optional; all dotted boxes in the flowcharts of this specification denote optional steps. Locking allows the content owner to prevent device 10 from being used for illegitimate purposes, such as imitating a genuine memory device with legitimate content.
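The root AGP creation modes, the two configuration commands and the System ACR creation flow of Figs. 8A and 9, as an added Python model that is not the patent's or the product's code. Class, method and status-string names and the credential value are assumptions; only the rules come from the text: Open -> Controlled -> Locked are the sole transitions, Controlled requires a configured System ACR, the System ACR is inert until the ready command, a second create command is refused, and disabling method configuration is permanent.

```python
from enum import Enum
from typing import List, Optional, Tuple


class Mode(Enum):
    OPEN = "open"
    CONTROLLED = "controlled"
    LOCKED = "locked"


# The only transitions the method configuration command accepts.
ALLOWED_TRANSITIONS = {(Mode.OPEN, Mode.CONTROLLED), (Mode.CONTROLLED, Mode.LOCKED)}


class SSADevice:
    """Card-side state for the Fig. 8A / Fig. 9 flows (names assumed)."""

    def __init__(self, allow_system_acr_creation: bool = True) -> None:
        self.mode = Mode.OPEN
        self.mode_config_disabled = False
        self.allow_system_acr_creation = allow_system_acr_creation
        self.system_acr_credential: Optional[str] = None
        self.system_acr_ready = False
        self.root_agps: List[str] = []

    # -- commands usable without authentication --------------------------------
    def configure_method(self, new_mode: Mode) -> bool:
        if self.mode_config_disabled or (self.mode, new_mode) not in ALLOWED_TRANSITIONS:
            return False
        if new_mode is Mode.CONTROLLED and not self.system_acr_ready:
            return False                       # Controlled needs a configured System ACR
        self.mode = new_mode
        return True

    def disable_method_configuration(self) -> None:
        self.mode_config_disabled = True       # permanent; cannot be reversed

    # -- Fig. 8A: creating the System ACR --------------------------------------
    def create_system_acr(self) -> str:
        if self.system_acr_credential is not None:
            return "FAIL: system ACR exists"   # blocks 204/206/208
        if not self.allow_system_acr_creation:
            return "FAIL: creation not allowed"  # diamond 210, block 212
        return "OK"                            # block 214: wait for the credential

    def set_system_acr_credential(self, credential: str) -> str:
        if self.system_acr_ready or not self.allow_system_acr_creation:
            return "FAIL"
        self.system_acr_credential = credential  # block 224
        return "OK"

    def system_acr_ready_cmd(self) -> str:
        if self.system_acr_credential is None:
            return "FAIL"
        self.system_acr_ready = True           # block 228: locked, no update or replacement
        return "OK"

    def authenticate_system_acr(self, credential: str) -> bool:
        # Not operational until the ready command has been issued.
        return self.system_acr_ready and credential == self.system_acr_credential

    # -- Fig. 9: creating a root AGP -------------------------------------------
    def create_root_agp(self, name: str, credential: Optional[str] = None) -> bool:
        if self.mode is Mode.LOCKED:
            return False                       # diamond 246
        if self.mode is Mode.CONTROLLED and not self.authenticate_system_acr(credential or ""):
            return False                       # diamond 250
        self.root_agps.append(name)            # block 254
        return True


def demo() -> Tuple[bool, bool, bool, bool, bool, bool, bool]:
    dev = SSADevice()
    open_ok = dev.create_root_agp("issuer_agp")          # Open: no authentication needed
    too_early = dev.configure_method(Mode.CONTROLLED)    # no System ACR yet: refused
    dev.create_system_acr()
    dev.set_system_acr_credential("sys-secret")          # assumed credential value
    not_ready = dev.authenticate_system_acr("sys-secret")  # still being created: False
    dev.system_acr_ready_cmd()
    second = dev.create_system_acr().startswith("FAIL")  # only one System ACR allowed
    dev.configure_method(Mode.CONTROLLED)
    unauth = dev.create_root_agp("app2")                 # Controlled, no credential
    auth = dev.create_root_agp("app2", "sys-secret")
    dev.configure_method(Mode.LOCKED)
    dev.disable_method_configuration()
    after_lock = dev.create_root_agp("app3", "sys-secret")
    return open_ok, too_early, not_ready, second, unauth, auth, after_lock
```

Note that configure_method refuses Open -> Locked directly; a device that should ship locked has to pass through Controlled, which in turn requires the System ACR to exist, so a card cannot be sealed without an identity the host can later authenticate against.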
To create ACRs (other than the ACRs of the root AGP described above), one may start from any ACR that has the right to create ACRs (block 270), as shown in Fig. 10. An entity can attempt to enter through host 24 by providing the identity of the entry-point ACR and the ACR it wishes to create, with all the necessary attributes (block 272). The SSA checks for a match with the ACR identity and whether the ACR with that identity has permission to create an ACR (diamond 274). If the request is verified as authorized, the SSA in device 10 creates the ACR (block 276).
Fig. 11 shows two AGPs illustrating a tree that is useful in security applications built with the method of Fig. 10. The ACR with identity m1 in the Marketing AGP has permission to create ACRs. ACR m1 also has permission to use the keys for reading and writing the data associated with key ID "Marketing Information" and the data associated with key ID "Price List". Using the method of Fig. 10, it creates the Sales AGP with two ACRs, s1 and s2, which have only read permission to the key used to access the pricing data associated with key ID "Price List", and no read permission to the key needed to access the data associated with key ID "Marketing Information". In this way, the entities behind ACRs s1 and s2 can only read, not change, the pricing data, and have no access at all to the marketing data. ACR m2, on the other hand, has no permission to create ACRs, and has only read permission to the keys for accessing the data associated with key ID "Price List" and with key ID "Marketing Information".
Access rights can thus be delegated in the manner explained above, where m1 delegates to s1 and s2 the right to read pricing data. This is particularly useful where large marketing and sales groups are involved. Where there is only one or a few sales people, the method of Fig. 10 may not be needed. Instead, access rights can be delegated by an ACR to an ACR at a lower or the same level within the same AGP, as illustrated in Fig. 12. First, the entity enters the tree of such an AGP via the host by specifying an ACR in the tree, in the manner described above (block 280). Next, the host specifies the ACR and the rights to be delegated. The SSA checks the tree for such an ACR and whether that ACR has permission to delegate rights to the other ACR specified (diamond 282). If it does, the rights are delegated (block 284); if not, the process stops. The result is illustrated in Fig. 13. Here ACR m1 has permission to delegate read permission to ACR s1, so that after the delegation s1 can use the key to access the pricing data. This can be done when m1 has the same or greater rights to access the pricing data and the permission to delegate them. In one embodiment, m1 retains its access rights after the delegation. Preferably, access rights can be delegated under restricted conditions rather than permanently, for example for a limited time or a limited number of accesses.
The process for creating a key and key ID is illustrated in Fig. 14. The entity authenticates through an ACR (block 302). The entity requests the creation of a key with an ID specified by the host (block 304). The SSA checks whether the specified ACR has permission to do so (diamond 306). For example, if the key is to be used to access data in a particular partition, the SSA checks whether the ACR may access that partition. If the ACR is authorized, memory device 10 creates a key value associated with the key ID supplied by the host (block 308), stores the key ID in the ACR and the key value in its memory (either memory associated with the controller or memory 20), assigns rights and permissions according to the information supplied by the entity (block 310), and modifies the PCR of that ACR with the assigned rights and permissions (block 312). The creator of the key therefore has all available rights: read and write permission, the right to delegate and share with other ACRs in the same AGP or with an ACR at a lower level, and the right to transfer ownership of the key.
An ACR can change the permissions of another ACR in the SSA system, or even delete it altogether, as illustrated in Fig. 15. An entity can enter a tree through an ACR as before; in one case, the entity is authenticated and then specifies an ACR (blocks 330, 332). It requests the deletion of a target ACR, or of a permission in the target ACR (block 334). If the specified ACR, or the ACR active at that moment, has the right to do so (diamond 336), the target ACR is deleted, or the PCR of the target ACR is changed to remove that permission (block 338). If this is not authorized, the system stops.
After this process, the target can no longer access the data it could access before. As shown in Fig. 16, an entity may attempt to enter at the target ACR (block 350) and find that the authentication process fails, because the previously existing ACR ID is no longer present in the SSA, so access is denied (diamond 352). Assuming the ACR ID has not been deleted, the entity specifies the ACR (block 354) and the key ID and/or data in a particular partition (block 356), and the SSA then checks whether the key ID or partition access request is permitted by the PCR of that ACR (diamond 358). If the permission has been deleted or has expired, the request is again denied. Otherwise, the request is granted (block 360).
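The Marketing/Sales tree of Fig. 11 and the create, delegate, revoke, delete and access flows of Figs. 10-16, as one added Python example that is not the patent's or SanDisk's code. The ACR names m1, m2, s1, s2 and the key IDs "Price List" and "Marketing Information" are the text's; representing the delegation right as a "delegate" entry in the PCR, tracking ownership as a key-to-ACR map, the extra grandchild t1, and omitting the partition check in key creation are this example's assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class ACR:
    name: str
    agp: str
    creator: Optional["ACR"]
    can_create: bool = False                                 # ACAM: may create ACRs
    pcr: Dict[str, Set[str]] = field(default_factory=dict)  # key_id -> rights held
    children: List["ACR"] = field(default_factory=list)


class SSA:
    def __init__(self) -> None:
        self.acrs: Dict[str, ACR] = {}
        self.keys: Dict[str, ACR] = {}                  # key_id -> owner ACR (ownership)
        self.agp_parent: Dict[str, Optional[str]] = {}  # AGP -> AGP of the ACR that created it

    def root_acr(self, name: str, agp: str) -> ACR:
        self.acrs[name] = ACR(name, agp, None, can_create=True)
        self.agp_parent[agp] = None
        return self.acrs[name]

    def create_acr(self, parent: ACR, name: str, agp: str, can_create: bool = False) -> ACR:
        """Fig. 10: only an ACR holding the create permission may create ACRs."""
        if not parent.can_create:
            raise PermissionError(f"{parent.name} may not create ACRs")
        child = ACR(name, agp, parent, can_create)
        self.acrs[name] = child
        parent.children.append(child)
        self.agp_parent.setdefault(agp, parent.agp)
        return child

    def create_key(self, creator: ACR, key_id: str) -> None:
        """Fig. 14 (partition check omitted): creator owns the key and holds all rights."""
        self.keys[key_id] = creator
        creator.pcr[key_id] = {"read", "write", "delegate"}

    def _in_scope(self, granter: ACR, target: ACR) -> bool:
        # Target sits in the granter's AGP or in an AGP below it in the tree.
        agp: Optional[str] = target.agp
        while agp is not None:
            if agp == granter.agp:
                return True
            agp = self.agp_parent.get(agp)
        return False

    def grant(self, granter: ACR, target: ACR, key_id: str, rights: Set[str]) -> bool:
        """Fig. 12: only rights held, only with the delegate right, only to ACRs in scope."""
        held = granter.pcr.get(key_id, set())
        if "delegate" not in held or not rights <= held or not self._in_scope(granter, target):
            return False
        target.pcr.setdefault(key_id, set()).update(rights)
        return True

    def revoke(self, actor: ACR, target: ACR, key_id: str) -> bool:
        """Fig. 15: strip a permission from another ACR's PCR."""
        if "delegate" not in actor.pcr.get(key_id, set()):
            return False
        target.pcr.pop(key_id, None)
        return True

    def delete_acr(self, deleter: ACR, target: ACR) -> bool:
        """Only the creator may delete; descendants and keys the target owns go with it."""
        if target.creator is not deleter:
            return False
        for child in list(target.children):
            self.delete_acr(target, child)
        for key_id in [k for k, owner in self.keys.items() if owner is target]:
            del self.keys[key_id]
        del self.acrs[target.name]
        deleter.children.remove(target)
        return True

    def access(self, acr_name: str, key_id: str, op: str) -> bool:
        """Fig. 16: a deleted ACR can no longer log in; otherwise its PCR decides."""
        acr = self.acrs.get(acr_name)
        return acr is not None and key_id in self.keys and op in acr.pcr.get(key_id, set())


def demo() -> Dict[str, bool]:
    ssa = SSA()
    m1 = ssa.root_acr("m1", "Marketing")
    m2 = ssa.create_acr(m1, "m2", "Marketing")              # read-only, cannot create
    for key_id in ("Price List", "Marketing Information"):
        ssa.create_key(m1, key_id)
        ssa.grant(m1, m2, key_id, {"read"})
    s1 = ssa.create_acr(m1, "s1", "Sales", can_create=True)
    s2 = ssa.create_acr(m1, "s2", "Sales")
    t1 = ssa.create_acr(s1, "t1", "Sales")                   # grandchild, assumed
    for s in (s1, s2):
        ssa.grant(m1, s, "Price List", {"read"})             # read only, prices only
    try:
        ssa.create_acr(m2, "m3", "Marketing")
        m2_creates = True
    except PermissionError:
        m2_creates = False
    r = {
        "s1_reads_prices": ssa.access("s1", "Price List", "read"),
        "s1_writes_prices": ssa.access("s1", "Price List", "write"),
        "s1_reads_marketing": ssa.access("s1", "Marketing Information", "read"),
        "m2_reads_marketing": ssa.access("m2", "Marketing Information", "read"),
        "m2_creates_acr": m2_creates,
        "s2_delegates": ssa.grant(s2, t1, "Price List", {"read"}),  # no delegate right
        "s2_deletes_s1": ssa.delete_acr(s2, s1),                     # not s1's creator
    }
    ssa.revoke(m1, s2, "Price List")
    r["s2_after_revoke"] = ssa.access("s2", "Price List", "read")
    ssa.delete_acr(m1, s1)                                           # cascades to t1
    r["t1_after_cascade"] = "t1" in ssa.acrs
    return r
```

The grant check enforces the three rules of the text at once: the granter can only pass on rights it holds, only if it holds the delegation right for that key, and only to an ACR in its own AGP or below it in the tree. Because s2 received read access without the delegation right, it cannot widen the circle of readers, which is the property that keeps the pricing data from leaking beyond what m1 intended.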
The process above describes how the device (for example, a flash card) manages access to protected data, regardless of whether the ACR and its PCR have just been changed by another ACR or were configured that way from the start.
Sessions
The SSA system is designed to handle multiple users logged in concurrently. This feature requires that every command received by the SSA is associated with a specific entity and is executed only if the ACR used to authenticate that entity has permission for the requested action.
Multiple entities are supported through the session concept. A session is established during the authentication process and is assigned a session id by the SSA system. The session id is associated internally with the ACR used to log into the system, and is exported to the entity for use in all further SSA commands.
The SSA system supports two types of session: open sessions and secure sessions. The session type associated with a particular authentication process is defined in the ACR. The SSA system enforces session establishment in a way similar to the way it enforces authentication itself. Because the ACR defines the entity's permissions, this mechanism lets system designers associate secure tunnelling either with access to specific key IDs or with invoking specific ACR management operations (i.e. creating new ACRs and setting credentials).
Open Session
An open session is a session identified by a session id but without bus encryption; all commands and data are passed in the clear. This mode of operation is preferably used in multi-user or multi-entity environments where the entities are not part of the threat model and neither is eavesdropping on the bus.
Although it neither protects data in transit nor provides an effective firewall between the applications on the host side, open session mode lets the SSA system allow access only to the information permitted for the currently authenticated ACR.
An open session can also be used where a partition or a key needs to be protected. However, after a valid authentication process, access is granted to all entities on the host. The only thing the various host applications need to share in order to obtain the permissions of the authenticated ACR is the session id. This is illustrated in Fig. 17A. The steps above line 400 are those taken by host 24. After an entity has been authenticated for ACR 1 (block 402), it requests access to the file associated with key ID X in memory device 10 (blocks 404, 406 and 408). If the PCR of ACR 1 allows this access, device 10 grants the request (diamond 410). If not, the system returns to block 402. Once authentication is complete, memory system 10 identifies the entity issuing a command only by the assigned session id, not by the ACR credentials. In an open session, once ACR 1 has gained access to the data associated with the key IDs in its PCR, any other application or user can access the same data by specifying the correct session id, which is shared between the different applications on host 24. This feature is advantageous in applications where it is more convenient for the user to log in only once and then be able to access, from different applications, all the data tied to the account through which the login was performed. A mobile phone user, for example, may be able to access stored e-mail and listen to music stored in memory 20 without logging in repeatedly. Data not covered by ACR 1, on the other hand, cannot be accessed. The same phone user can therefore keep valuable content, such as games and photos, accessible through a separate account ACR 2. This is data the user does not want others who borrow the phone to access, even though the user may not mind others using the data available through the first account ACR 1. Splitting data access into two separate accounts, while allowing access to ACR 1 in an open session, provides ease of use and protection of valuable data at the same time.
To further ease the sharing of the session id between host applications, an ACR requesting an open session can explicitly ask for the session to be assigned the id "0" (zero). In this way, applications can be designed to use a predefined session id. For obvious reasons, the only restriction is that just one ACR requesting session 0 can be authenticated at any given time; an attempt to authenticate another ACR requesting session 0 is rejected.
Secure Session
To add a layer of security, the session id can be used as shown in Fig. 17B. Memory device 10 then also stores the session ids of the sessions that are active. In Fig. 17B, for example, in order to access the file associated with key ID X, the entity must also supply the session id (for example, session id "A") before it is allowed to access the file (blocks 404, 406, 412 and 414). In this way, a requesting entity cannot access memory device 10 unless it knows the correct session id. Because the session id is deleted when the session ends and differs from session to session, an entity can gain access only when it is able to supply the session id for each session.
The SSA system uses the session id to track whether a command really comes from the correct authenticated entity. For applications and use cases where there is a threat that an attacker may try to send malicious commands over an open channel, the host application uses a secure session (a secure channel).
When a secure channel is used, the session id and the entire command are encrypted with the secure-channel encryption (session) key, and the level of security is as high as that of the host-side implementation.
Terminating a Session
A session is terminated, and the ACR logged off, in any of the following cases:
1. The entity issues an explicit end-session command.
2. Communication timeout: the entity has issued no command for a period of time defined as one of the ACR parameters.
3. All open sessions are terminated after a device (for example, flash card) reset and/or power cycle.
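Open and secure sessions and the three termination cases above, as an added Python example that is not the patent's or the device's code. The session table, the explicit `now` argument, and the use of an HMAC tag to bind each command to the secure session key are assumptions (the text encrypts the whole command with the session key; the HMAC is only a stand-in for that binding so the example runs with the standard library). Session id 0, the timeout rule and the reset rule follow the text.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


class SessionManager:
    """Card-side session table. `now` is passed in so the timeout rule is
    deterministic here; the device would read its own clock."""

    def __init__(self) -> None:
        self.sessions: Dict[int, dict] = {}

    def login(self, acr: str, secure: bool, timeout: float, now: float,
              request_zero: bool = False) -> Optional[Tuple[int, Optional[bytes]]]:
        """Called after the ACR's authentication succeeded (checked elsewhere).
        Returns (session id, session key); the key is None for an open session."""
        if request_zero:
            if 0 in self.sessions:
                return None                # only one ACR may hold session 0 at a time
            sid = 0
        else:
            sid = 0
            while sid == 0 or sid in self.sessions:
                sid = secrets.randbits(32)
        key = secrets.token_bytes(16) if secure else None
        self.sessions[sid] = {"acr": acr, "key": key, "timeout": timeout, "last": now}
        return sid, key

    @staticmethod
    def tag(key: bytes, sid: int, command: bytes) -> bytes:
        """Host side: bind a command to the secure session (stand-in for encryption)."""
        return hmac.new(key, sid.to_bytes(4, "big") + command, hashlib.sha256).digest()

    def command(self, sid: int, command: bytes, now: float,
                tag: Optional[bytes] = None) -> Optional[str]:
        """Returns the ACR the command runs under, or None when it is rejected."""
        s = self.sessions.get(sid)
        if s is None:
            return None                    # unknown, ended or never-established session
        if now - s["last"] > s["timeout"]:
            del self.sessions[sid]         # communication timeout: session terminated
            return None
        if s["key"] is not None and (tag is None or
                not hmac.compare_digest(tag, self.tag(s["key"], sid, command))):
            return None                    # secure session: command not bound to the key
        s["last"] = now
        return s["acr"]

    def end_session(self, sid: int) -> None:
        self.sessions.pop(sid, None)       # explicit end-session command

    def reset(self) -> None:
        self.sessions.clear()              # device reset or power cycle


def demo() -> Tuple[bool, bool, bool, bool, bool, bool]:
    sm = SessionManager()
    sm.login("ACR1", secure=False, timeout=60, now=0.0, request_zero=True)
    zero_twice = sm.login("ACR3", secure=False, timeout=60, now=0.0, request_zero=True) is None
    # open session: whichever host application presents id 0 acts as ACR1, in the clear
    shared = sm.command(0, b"read key X", now=1.0) == "ACR1"
    sid, key = sm.login("ACR2", secure=True, timeout=60, now=0.0)
    no_tag = sm.command(sid, b"read key Y", now=2.0) is None
    good = sm.command(sid, b"read key Y", now=2.0, tag=sm.tag(key, sid, b"read key Y")) == "ACR2"
    timed_out = sm.command(sid, b"read key Y", now=100.0, tag=sm.tag(key, sid, b"read key Y")) is None
    sm.reset()
    after_reset = sm.command(0, b"read key X", now=3.0) is None
    return zero_twice, shared, no_tag, good, timed_out, after_reset
```

The open-session branch is deliberately weak: any process on the host that learns the id (and id 0 is predictable by design) inherits ACR1's permissions, which is exactly why the text reserves open sessions for environments where neither the host applications nor the bus are in the threat model.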
Data Integrity Services
The SSA system verifies the integrity of the SSA database (which contains all the ACRs, PCRs and so on). In addition, data integrity services are offered for entity data through the key ID mechanism.
If a key ID is configured with hashing as its algorithm, the hash values are stored in the CEK record together with the CEK and IV. Hash values are calculated and stored during write operations. During read operations the hash values are calculated again and compared with the values stored during the earlier write operation. Each time the entity accesses the key ID, the additional data is concatenated (cryptographically) to the old data and the appropriate hash value (for reading or for writing) is updated.
Because only the host knows which data files are associated with or pointed to by a key ID, the host explicitly manages several aspects of the data integrity function, as follows:
1. A data file associated with or pointed to by a key ID is written or read from beginning to end. Any attempt to access only part of the file corrupts the result, because the SSA system uses the CBC encryption method and produces a hashed message digest over the entire data.
2. There is no need to process the data as a contiguous stream (the data stream may be interleaved with the data streams of other key IDs and may be split across several sessions), because the intermediate hash values are maintained by the SSA system. However, if a data stream is restarted, the entity must explicitly instruct the SSA system to reset the hash value.
3. When a read operation is complete, the host must explicitly ask the SSA system to verify the read hash by comparing it with the hash value calculated during the write operation.
4. The SSA system also provides a "dummy read" operation. This feature streams the data through the crypto engine but does not send it out to the host. It can be used to check data integrity before the data is actually read out of the device (for example, a flash card).
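The hashed-mode bookkeeping of items 1 to 4 above, as an added Python example that is not the patent's or SanDisk's code. The CBC-AES encryption step is omitted, SHA-256 is this example's choice of hash, and the class names, the 512-byte dummy-read chunk size and the sample content are assumptions. It shows interleaved writes for two key IDs, a partial read failing verification, the explicit reset after a restarted read, the explicit verify request, and a dummy read catching corruption before any data leaves the device.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple


class KeyIDRecord:
    """Per-key-ID state in hashed mode. CEK and IV are left out: the CBC-AES
    step is not reproduced in this example."""

    def __init__(self) -> None:
        self.stored_digest: Optional[bytes] = None   # fixed at the end of the write
        self.write_hash = hashlib.sha256()           # intermediate value for writes
        self.read_hash = hashlib.sha256()            # intermediate value for reads


class IntegrityEngine:
    def __init__(self) -> None:
        self.records: Dict[str, KeyIDRecord] = {}
        self.content: Dict[str, bytearray] = {}      # stands in for partition storage

    def create_key_id(self, key_id: str) -> None:
        self.records[key_id] = KeyIDRecord()
        self.content[key_id] = bytearray()

    def reset_hash(self, key_id: str, for_read: bool) -> None:
        """Host restarts a stream: it must explicitly reset the intermediate value."""
        if for_read:
            self.records[key_id].read_hash = hashlib.sha256()
        else:
            self.records[key_id].write_hash = hashlib.sha256()

    def write(self, key_id: str, chunk: bytes) -> None:
        """Chunks of different key IDs may interleave; each key ID keeps its own state."""
        self.content[key_id] += chunk
        self.records[key_id].write_hash.update(chunk)

    def finish_write(self, key_id: str) -> None:
        rec = self.records[key_id]
        rec.stored_digest = rec.write_hash.digest()  # kept alongside CEK and IV
        rec.write_hash = hashlib.sha256()

    def read(self, key_id: str, offset: int, length: int) -> bytes:
        chunk = bytes(self.content[key_id][offset:offset + length])
        self.records[key_id].read_hash.update(chunk)
        return chunk

    def verify_read(self, key_id: str) -> bool:
        """Explicit host request after a complete read; compares with the stored digest."""
        rec = self.records[key_id]
        ok = rec.stored_digest is not None and hmac.compare_digest(
            rec.read_hash.digest(), rec.stored_digest)
        rec.read_hash = hashlib.sha256()
        return ok

    def dummy_read(self, key_id: str) -> bool:
        """Stream the data through the hash without handing it to the host."""
        self.reset_hash(key_id, for_read=True)
        for pos in range(0, len(self.content[key_id]), 512):   # chunk size assumed
            self.read(key_id, pos, 512)
        return self.verify_read(key_id)


def demo() -> Tuple[bool, bool, bool, bool]:
    eng = IntegrityEngine()
    for key_id in ("Price List", "Marketing Information"):
        eng.create_key_id(key_id)
    prices = bytes(range(256)) * 5              # constructed content, 1280 bytes
    memo = b"Q3 campaign plan. " * 40           # constructed content
    # Writes of the two key IDs interleave; each keeps its own intermediate hash.
    eng.write("Price List", prices[:640])
    eng.write("Marketing Information", memo[:300])
    eng.write("Price List", prices[640:])
    eng.write("Marketing Information", memo[300:])
    for key_id in ("Price List", "Marketing Information"):
        eng.finish_write(key_id)
    # 1. Full read from beginning to end, then the explicit verify request.
    data = b"".join(eng.read("Price List", p, 400) for p in range(0, len(prices), 400))
    whole_ok = data == prices and eng.verify_read("Price List")
    # 2. Partial read: a digest over part of the file never matches.
    eng.read("Price List", 0, 100)
    partial_ok = eng.verify_read("Price List")
    # 3. Restarted stream: reset the intermediate value, then read it all again.
    eng.read("Price List", 0, 100)
    eng.reset_hash("Price List", for_read=True)
    for p in range(0, len(prices), 400):
        eng.read("Price List", p, 400)
    restart_ok = eng.verify_read("Price List")
    # 4. Silent corruption in storage is caught by a dummy read before data leaves.
    eng.content["Marketing Information"][10] ^= 0x01
    tampered_ok = eng.dummy_read("Marketing Information")
    return whole_ok, partial_ok, restart_ok, tampered_ok
```

Because the running digest lives in the key ID record rather than in the host, the host carries only two obligations the text lists: say when a stream restarts, and ask for verification when the read is complete. Forgetting the second leaves the host with data it has no integrity evidence for, which is why the dummy read exists for the case where the host wants the check before it commits to transferring the content.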
Random Number Generation
The SSA system lets external entities make use of the internal random number generator and request random numbers for use outside the SSA system. This service is available to any host and does not require authentication.
RSA Key Pair Generation
The SSA system lets external users make use of the internal RSA key pair generation feature and request key pairs for use outside the SSA system. This service is available to any host and does not require authentication.
Alternative Embodiment
Instead of the hierarchical approach, a database approach can achieve similar results, as illustrated in Fig. 18.
As shown in Fig. 18, a list of entity credentials, authentication methods, the maximum number of failed attempts, and the minimum number of credentials required to unblock can be entered into a database stored in controller 12 or memory 20. The database relates these credential requirements to the policies enforced by controller 12 of memory device 10 (read and write access to keys and partitions, secure channel requirements). Constraints and limitations on access to keys and partitions are also stored in the database. Thus some entities (for example, a system administrator) may be on a white list, which means they can access all keys and partitions. Other entities may be on a black list, and any attempt by them to access information is blocked. A limitation can be global, or specific to keys and/or partitions; this means that only certain entities can access certain keys and partitions, and others cannot. Constraints can also be placed on the content itself, regardless of the partition it resides in or the key used to encrypt or decrypt it. Thus certain data (for example, a song) may carry the attribute that it can be accessed only by the first five host devices that access it, while other data (for example, a film) can be read only a limited number of times, regardless of which entity has access rights.
Authentication
Password protection
Password protection means that a password must be provided to access the protected area. Unless more than one password is used, a password cannot be associated with different rights (for example, read access versus read/write access).
Password protection means that the device (for example, a flash card) checks the password supplied by the host, i.e. the device also holds the password, stored in a secure memory area managed by the device.
Issues and limitations
Passwords are subject to replay attacks. Because the password is the same every time it is presented, it can be resent identically. This means that if the data to be protected is valuable and the communication bus is easy to access, passwords should not be used as-is.
A password can protect access to stored data, but it should not be used to protect the data itself (it is not a key).
To raise the security level associated with passwords, they can be diversified with a master key, so that the theft of one password does not bring down the whole system. A secure communication channel based on a session key can be used to transmit the password.
Fig. 19 is a flow chart illustrating authentication with a password. The entity sends an account id and a password to system 10 (for example, a flash memory card). The system checks whether the password matches the password in its memory. If it matches, an authenticated status is returned. Otherwise the error counter for that account is incremented and the entity is asked to re-enter the account id and password. If the counter overflows, the system returns an access-denied status.
Symmetric key
A symmetric key algorithm means that the same key is used by both sides for encryption and decryption. This implies that the key was agreed in advance, before communication. Each side should implement the inverse of the other's algorithm, i.e. the encryption algorithm on one side and the decryption algorithm on the other. Neither side needs to implement both algorithms in order to communicate.
Authentication
Symmetric key authentication means that the device (for example, a flash card) and the host share the same key and the same cryptographic algorithm (direct and inverse, for example DES and DES-1).
Symmetric key authentication means challenge-response (which protects against replay attacks). The protected device generates a challenge for the other device, and both compute the response. The device being authenticated sends back its response, and the protected device checks the response and confirms or rejects the authentication accordingly. The rights associated with the authentication can then be granted.
Authentication can be:
External: the device (for example, a flash card) authenticates the outside world, i.e. the device verifies the credentials of a given host or application.
Mutual: challenges are generated on both sides.
Internal: the host application authenticates the device (for example, a flash card), i.e. the host checks whether the device is genuine for its application.
To raise the security level of the whole system (so that compromising one part does not compromise everything), symmetric keys are usually combined with diversification using a master key.
Mutual authentication uses challenges from both sides to ensure that each challenge is a genuine challenge.
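The following added example, not code from the patent, shows the symmetric challenge-response exchange described above in its mutual form, with the per-card key diversified from a master key so that the host never stores individual card keys and a stolen card key does not reveal the master. It uses HMAC-SHA256 in place of the direct/inverse block cipher (for example DES and DES-1) mentioned in the text; the derivation labels, the 16-byte challenge size and the card identifiers are assumptions.

```python
import hashlib
import hmac
import secrets


def diversify(master_key: bytes, card_id: bytes) -> bytes:
    """Per-card key derived from the master key; a stolen card key does not expose the master."""
    return hmac.new(master_key, b"card-key|" + card_id, hashlib.sha256).digest()


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Both sides compute this; HMAC stands in for the shared direct/inverse cipher."""
    return hmac.new(key, b"response|" + challenge, hashlib.sha256).digest()


class Party:
    """One side of the exchange. A challenge is consumed once, so a replayed response fails."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # fresh per authentication attempt
        return self._pending

    def respond(self, peer_challenge: bytes) -> bytes:
        return compute_response(self._key, peer_challenge)

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = compute_response(self._key, self._pending)
        self._pending = None                      # single use: prevents replay
        return hmac.compare_digest(expected, response)


def mutual_authenticate(host_master: bytes, card_id: bytes, card: Party):
    """Host derives the card key from its master key; both sides challenge each other."""
    host = Party(diversify(host_master, card_id))
    c_host, c_card = host.challenge(), card.challenge()
    card_ok = card.verify(host.respond(c_card))   # external: card authenticates the host
    host_ok = host.verify(card.respond(c_host))   # internal: host authenticates the card
    return host_ok, card_ok


def replay_is_rejected(card: Party, genuine_host_key: bytes) -> bool:
    """An attacker who recorded one valid response cannot reuse it on a fresh challenge."""
    recorded = compute_response(genuine_host_key, card.challenge())  # observed on the bus
    card.challenge()                                                  # card issues a new challenge
    return not card.verify(recorded)
```

A card provisioned with the key for one identifier fails authentication against a host that derives the key for a different identifier, and a response captured from the bus is useless against the next challenge.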
Encryption
Symmetric key cryptography is also used for encryption because it is a very efficient algorithm, i.e. it does not need a powerful CPU to handle the cryptography.
When used to protect a communication channel:
Both devices must know the session key used to protect the channel (i.e. to encrypt all outgoing data and decrypt all incoming data). This session key is typically established using a pre-shared secret symmetric key or using PKI.
Both devices must know and implement the same cryptographic algorithm.
Signature
Symmetric keys can also be used to sign data. In that case the signature is a partial result of the encryption. Keeping the result partial allows signing as many times as required without exposing the key value.
Issues and limitations
Symmetric algorithms are very efficient and secure, but they rely on a pre-shared secret. The issue is sharing this secret securely, and possibly dynamically and at random (as with a session key). The view is that a shared secret is hard to keep secure over a long time and can hardly be shared with many parties.
Public key algorithms were invented to facilitate this operation; they allow a secret to be exchanged without first sharing a secret.
Asymmetric authentication procedure
Authentication based on asymmetric keys uses a series of data transfer commands that ultimately establish the session key used for secure channel communication. The basic protocol authenticates the user to the SSA system. Protocol variations allow mutual authentication (in which the user also authenticates the ACR it wishes to use) and two-factor authentication.
The SSA asymmetric authentication protocol preferably uses Public Key Infrastructure (PKI) and the RSA algorithm. As these algorithms define, each party in the authentication process is allowed to create its own RSA key pair. Each pair consists of a public key and a private key. Because the keys are anonymous, they cannot by themselves provide proof of identity. The PKI layer calls for a third, trusted party that signs the public key of each party. The public key of the trusted party is pre-shared between the parties that will authenticate each other and is used to verify each party's public key. Once trust is established (both parties confirm that they trust the public key the other party provided), the protocol continues with authentication (verifying that each party holds the matching private key) and key exchange. This is done through the challenge-response mechanism illustrated in Figs. 22 and 23 and described below.
The structure containing the signed public key is called a certificate. The trusted party that signs the certificate is called a certificate authority (CA). To be authenticated, a party holds an RSA key pair and a certificate attesting to the authenticity of the public key. The certificate is signed by a certificate authority trusted by the other (verifying) party. The verifying party is expected to hold the public key of the CA it trusts.
SSA allows certificate chaining. This means that the public key of the party being authenticated can be signed by a different CA (different from the CA the authenticating party trusts). In that case the party being authenticated provides, in addition to its own certificate, the certificate of the CA that signed its public key. If this second-level certificate is still not trusted by the other party (not signed by a CA it trusts), a third-level certificate can be provided. In this certificate chaining algorithm, each party holds the complete list of certificates required to verify its public key. This is illustrated in Figs. 23 and 24. The credentials an ACR of this type requires for mutual authentication are RSA key pairs of a specified length.
SSA certificates
SSA uses [X.509] version 3 digital certificates. [X.509] is a general-purpose standard; the SSA certificate profile described here further specifies and restricts the content of the fields the standard defines for a certificate. The certificate profile also defines the management of the trust hierarchy of certificate chains, the validation of SSA certificates, and the certificate revocation list (CRL) profile.
A certificate is considered public information (like the public key inside it) and is therefore not encrypted. It does, however, contain an RSA signature that verifies that the public key and all the other information fields have not been altered.
[X.509] defines each field using the ASN.1 standard format, which in turn uses the DER format for digital encoding.
SSA certificate overview
An embodiment of the SSA certificate management structure, depicted in Figs. 20 and 21, consists of an unlimited hierarchy of levels for hosts and at most three hierarchy levels for devices, although a number of levels greater or smaller than three can be used for devices.
Host certificate hierarchy
A device authenticates a host on the basis of two factors: the root CA certificate stored in the device (as the ACR credential stored when the ACR was created) and the certificate or certificate chain supplied by the entity attempting to access the device (for that specific ACR).
For each ACR, the host certificate authority acts as the root CA (this is the certificate retained in the ACR credentials). For example, for one ACR the root CA can be the "Host 1 CA (level 2) certificate", while for another ACR it can be the "Host Root CA certificate". For each ACR, every entity holding a certificate signed by the root CA (or a certificate chain linking the root CA to the end-entity certificate) can log in to that ACR, provided it holds the private key corresponding to the end-entity certificate. As mentioned above, certificates are public knowledge and are not kept secret.
The fact that every holder of a certificate (with its corresponding private key) issued by the root CA can log in to that ACR means that the authentication of a specific ACR is determined by the issuer of the root CA stored in the ACR credentials. In other words, the issuer of the root CA can be the entity that manages the ACR's authentication scheme.
Host root certificate
The root certificate is the trusted CA certificate that SSA uses to start verifying the public key of the entity (host) attempting to log in. This certificate is supplied as part of the ACR credentials when the ACR is created. It is the root of trust of the PKI system and is therefore assumed to be supplied by a trusted entity (the parent ACR or the trusted manufacturing/configuration environment). SSA uses the public key of this certificate to verify certificate signatures. The host root certificate is stored in encrypted form in non-volatile memory (not shown in Fig. 1) under a device secret key that is preferably accessible only to CPU 12 of system 10 in Fig. 1.
Host certificate chain
These are the certificates supplied to SSA during authentication. Once the chain has been processed, the host certificate chain need not be retained in the device.
Fig. 20 is a schematic diagram illustrating the host certificate hierarchy with several different host certificate chains. As shown in Fig. 20, host certificates can form many different certificate chains, of which only three are illustrated:
A1. Host Root CA certificate 502, Host 1 CA (level 2) certificate 504 and host certificate 506;
B1. Host Root CA certificate 502, Host n CA (level 2) certificate 508, Host 1 CA (level 3) certificate 510 and host certificate 512;
C1. Host Root CA certificate 502, Host n CA (level 2) certificate 508 and host certificate 514.
The three certificate chains A1, B1 and C1 above illustrate three possible host certificate chains that can be used to prove that the host's public key is genuine. Referring to chain A1 and to Fig. 20, the public key in Host 1 CA (level 2) certificate 504 is signed with the private key of the Host Root CA (that is, a digest of the public key is encrypted with it), the public key of the Host Root CA being in Host Root CA certificate 502. The host public key in host certificate 506 is in turn signed with the private key of Host 1 CA (level 2), whose public key is provided in Host 1 CA (level 2) certificate 504. An entity holding the public key of the Host Root CA can therefore verify the authenticity of chain A1. As a first step, the entity uses the Host Root CA public key it holds to decrypt the signed public key in Host 1 CA (level 2) certificate 504 sent to it by the host, and compares the decrypted signed public key with a digest of the unsigned public key in Host 1 CA (level 2) certificate 504 sent by the host. If the two match, the public key of Host 1 CA (level 2) is verified, and the entity then uses the verified public key of Host 1 CA (level 2) to decrypt the host public key in host certificate 506, sent by the host, that was signed with the private key of Host 1 CA (level 2). If the decrypted signed value matches the digest of that public key in host certificate 506 sent by the host, the host public key is verified as well. Chains B1 and C1 can be used for authentication in the same way.
As will be noticed from the above process for chain A1, the first host public key the entity needs to verify is the one in Host 1 CA (level 2), not the one in the Host Root CA certificate. Therefore all the host needs to send to the entity is Host 1 CA (level 2) certificate 504 and host certificate 506, so that the Host 1 CA (level 2) certificate is the first certificate in the chain that has to be sent. As explained above, the certificate verification sequence is as follows. The verifying entity (memory device 10 in this case) first verifies the authenticity of the public key in the first certificate of the chain (in this case certificate 504 of the CA directly below the root CA). Once the public key in that certificate has been verified as genuine, device 10 proceeds to verify the next certificate (host certificate 506 in this case). For the same reason, where the certificate chain contains more than two certificates, the verification sequence is analogous: it starts with the certificate immediately below the root certificate and ends with the certificate of the entity to be authenticated.
Device certificate hierarchy
The host authenticates the device on the basis of two factors: the device root CA stored in the host and the certificate or certificate chain supplied by the device to the host (which was supplied to the device as a credential when the ACR was created). The process by which the host authenticates the device is similar to the process, described above, by which the device authenticates the host.
Device certificate chain
These are the certificates for the ACR key pair. They are supplied to the card when the ACR is created. SSA stores these certificates individually and supplies them to the host one by one during authentication. SSA uses these certificates to authenticate itself to the host. The device can handle a chain of 3 certificates, but a number of certificates other than 3 can be used. The number of certificates can differ from one ACR to another and is fixed when the ACR is created. The device can send the certificate chain to the host, but it does not need to parse it, because it does not use the certificate chain data itself.
Fig. 21 is a schematic diagram of the device certificate hierarchy, used to illustrate 1 to n different certificate chains for devices (for example, memory devices) that use SSA. The n different certificate chains illustrated in Fig. 21 are as follows:
A2. Device Root CA certificate 520, Device 1 CA (manufacturer) certificate 522 and device certificate 524;
B2. Device Root CA certificate 520, Device n CA (manufacturer) certificate 526 and device certificate 528.
SSA devices can be made by 1 to n different manufacturers, each of which has its own device CA certificate. The public key in the device certificate of a specific device is therefore signed with the private key of its manufacturer, and the manufacturer's public key is in turn signed with the private key of the Device Root CA. The device's public key is verified in much the same way as the host's public key described above. As with the verification of chain A1 described above for the host, the Device Root CA certificate need not be sent; the first certificate sent in the chain is the Device i CA (manufacturer) certificate, followed by the device certificate, where i is an integer from 1 to n.
In the embodiment illustrated in Fig. 21 the device supplies two certificates: the Device i CA (manufacturer) certificate, followed by its own device certificate. The Device i CA (manufacturer) certificate is the certificate of the manufacturer that made the device, the manufacturer having supplied the private key used to sign the device's public key. When the host receives the Device i CA (manufacturer) certificate, it uses the public key of the root CA it holds to decrypt and verify the public key of Device i CA (manufacturer). If this verification fails, the host aborts the process and notifies the device of the authentication failure. If the verification succeeds, the host sends the device a request for the next certificate. The device then sends its own device certificate, which the host verifies in the same way.
The verification process described above is illustrated in more detail in Figs. 22 and 23. In Fig. 22, the "SSM system" is the software module that implements the functions of the SSA system described here and below. SSA can be implemented as software or computer code with a database stored in non-volatile memory (not shown) in memory 20 or CPU 12, which is read into RAM 12a and executed by CPU 12.
As shown in Fig. 22, the process by which SSM system 542 in device 10 authenticates host system 540 has three phases. In the first phase, public key verification, host system 540 sends the host certificate chain to SSM system 542 in SSM commands. SSM system 542 uses the root certificate authority public key of host root certificate 548, located in ACR 550, to verify (block 552) the authenticity of host certificate 544 and host public key 546. Where an intermediate certificate authority sits between the root certificate authority and the host, intermediate certificate 549 is also used in the verification of block 552. Assuming the verification (block 552) succeeds, SSM system 542 proceeds to the second phase.
SSM system 542 generates random number 554 and sends it to host system 540 as a challenge. System 540 signs random number 554 with the host system's private key 547 (block 556) and sends the signed random number as the response to the challenge. The response is decrypted with host public key 546 (block 558) and compared with random number 554 (block 560). Assuming the decrypted response and random number 554 match, the challenge-response succeeds.
In the third phase, random number 562 is encrypted with host public key 546. This random number 562 then serves as the session key. Host system 540 obtains the session key from the encrypted random number 562 sent by SSM system 542 by decrypting it with its private key (block 564). With this session key, secure communication between host system 540 and SSM system 542 can begin. Fig. 22 illustrates one-way asymmetric authentication, in which host system 540 is authenticated by SSM system 542 in device 10. Fig. 23 is a protocol diagram illustrating a two-way, mutual authentication process similar to the one-way authentication protocol of Fig. 22, in which SSM system 542 is also authenticated by host system 540.
Fig. 24 is a diagram illustrating a certificate chain 590 according to one embodiment of the invention. As noted above, the certificate chain that has to be presented for verification can contain a number of certificates. The certificate chain of Fig. 24 thus comprises nine (9) certificates in total, all of which may have to be verified for authentication. As explained in the background section above, in existing certificate verification systems either an incomplete certificate chain is sent or, where the complete chain is sent, the certificates are not sent in any particular order, so that the recipient has to accept and store the entire set of certificates before it can analyse them. Because the number of certificates in the chain is not known in advance, this causes a problem: a large amount of storage space may have to be reserved for a certificate chain of indeterminate length. For a memory device performing the verification this can be a real problem.
One embodiment of the invention is based on the recognition that a system in which the host device sends its certificate chain in the same order in which the memory device will verify it alleviates this problem. Thus, as shown in Fig. 24, certificate chain 590 starts with certificate 590(1), the certificate immediately below the host root certificate, and ends with certificate 590(9), the host certificate. Device 10 therefore first verifies the public key in certificate 590(1), then the public key in certificate 590(2), and so on, until the host public key in certificate 590(9) has been verified. This completes the verification of the entire certificate chain 590. Consequently, if the host device sends the certificate chain to memory device 10 in the same order or sequence in which chain 590 is verified, memory device 10 can begin verifying each certificate as it is received, without waiting until all 9 certificates of chain 590 have arrived.
Thus, in one embodiment, the host device sends the certificates of chain 590 to memory device 10 one at a time. Memory device 10 then only ever has to store a single certificate. Once a certificate has been verified, it can be overwritten by the next certificate sent by the host (except for the last certificate in the chain). In this way memory device 10 need only reserve space for a single certificate at any time.
The memory device needs to know when the whole of chain 590 has been received. Preferably, therefore, the last certificate 590(9) carries an indicator that it is the last certificate in the chain. This feature is illustrated in Fig. 25, a table showing the information the host sends to memory device 10 in the control sector that precedes the certificate buffer. As shown in Fig. 25, the control sector of certificate 590(9) contains the argument named "is final" flag. By checking whether the "is final" flag is set, memory device 10 can determine whether the certificate it has received is the last one in the chain.
In an alternative embodiment, the certificates of chain 590 are not sent one by one but in groups of one, two or three certificates. Obviously, groups of the same number of certificates, or groups of other sizes, can be used. Chain 590 thus comprises five (5) contiguous strings of certificates 591, 593, 595, 597 and 599. Each string contains at least one certificate. A contiguous string of certificates is a string containing a certificate (the beginning certificate) adjacent to the string preceding the string in question in the chain, a certificate (the end certificate) adjacent to the string following it in the chain, and all the certificates between the beginning and end certificates. For example, string 593 contains the three certificates 590(2), 590(3) and 590(4). The five certificate strings are verified by memory device 10 in the following sequence: 591, 593, 595, 597 and finally 599. So if the five strings are sent and received in the same sequence in which memory device 10 verifies them, the memory device need not retain any string once it has been verified, and every string except the last can be overwritten by the next string arriving from the host. As in the previous embodiment, the last certificate in the chain must carry an indicator (for example, a flag) set to a particular value to show that it is the last certificate in the chain. In this embodiment the memory device need only reserve enough space to store the largest number of certificates in any of the five strings. Thus, if the host first informs memory device 10 of the longest string it intends to send, memory device 10 need only reserve enough space for that longest string.
Preferably, the length of each certificate in the chain sent by the host is no more than four times the length of the public key the certificate certifies. Similarly, the length of the certificate sent by memory device 10 to the host device to certify the memory device's public key is preferably no more than four times the length of the public key it certifies.
The above embodiments for verifying a certificate chain are illustrated in the flow chart of Fig. 26, where for simplicity the number of certificates in each group is assumed to be one. As shown in Fig. 26, the host sends the certificates of the chain to the card in sequence. Starting with the first certificate in the chain (normally the certificate immediately following the root certificate, as explained above), the card receives the certificate chain in sequence from the host being authenticated (block 602). The card verifies each certificate received and aborts the process if any certificate fails verification, notifying the host of the failure (blocks 604, 606). The card then checks whether the last certificate has been received and verified (diamond 608). If not, the card returns to block 602 to continue receiving and verifying certificates from the host. If the last certificate has been received and verified, the card proceeds to the phase following certificate verification (610). Although the features in Fig. 26 and the following figures refer to a memory card as an example, it will be understood that they apply equally to memory devices with physical forms other than a memory card.
The process performed by the host while the card is authenticating it is illustrated in Fig. 27. As shown in Fig. 27, the host sends the next certificate in the chain to the card (block 620), normally starting with the certificate immediately following the root certificate. The host then checks whether an abort notice indicating authentication failure has been received from the card (diamond 622). If an abort notice has been received, the host stops (block 624). If not, the host checks whether the last certificate in the chain has been sent, by checking whether the "is final" flag was set in the certificate last sent (diamond 626). If the last certificate has been sent, the host proceeds to the phase following certificate verification (block 628). As illustrated in Figs. 22 and 23, that next phase can be a challenge-response followed by session key creation. If the last certificate in the chain has not yet been sent, the host returns to block 620 to send the next certificate in the chain.
The actions taken by the card and the host while the card is being authenticated are illustrated in Figs. 28 and 29. As shown in Fig. 28, after starting, the card waits for a request from the host to send a certificate of the chain (block 630, diamond 632). If no request is received from the host, the card returns to diamond 632. If a request is received, the card sends the next certificate in the chain, starting with the first certificate that should be sent (normally the certificate immediately following the root certificate) (block 634). The card then checks whether a failure notice has been received from the host (diamond 636). If a failure notice has been received, the card stops (block 637). If not, the card checks whether the last certificate has been sent (diamond 638). If the last certificate has not yet been sent, the card returns to diamond 632 and waits until it receives the host's next request for the next certificate in the chain. If the last certificate has been sent, the card proceeds to the next phase (block 639).
Fig. 29 illustrates the actions taken by the host while the card is being authenticated. The host sends the card a request for the next certificate in the chain, beginning with a request for the first certificate to be sent (block 640). The host then verifies each certificate received; if verification fails, it aborts the process and notifies the card of the failure (block 642). If verification passes, the host checks whether the last certificate has been received and successfully verified (diamond 644). If not, the host returns to block 640 to request the next certificate in the chain. If the last certificate has been received and successfully verified, the host proceeds to the phase following certificate verification (block 646).
Certificate revocation
When the issue certificate, expect that it is used for its whole validity cycle.Yet various situations can cause certificate before the validity period expires, to become invalid.This type of situation comprises the related change (for example, the office worker stops the employment relationship with mechanism) between name changing, theme and the CA, and the divulging a secret or suspicious divulging a secret of corresponding private key.Under this type of situation, CA need recall certificate.
SSA realizes certificate revocation by different way, and each ACR can be configured for use in the specific method of recalling certificate.ACR can be through being configured to not support the scheme of recalling.In the case, think that each certificate is effectively till its expiry date.Perhaps can use certificate revocation lists (CRL).As another replacement scheme, the scheme of recalling can be specific for application-specific, or specific for using, and it will be explained hereinafter.ACR specifies through the appointment value of recalling and adopts three kinds to recall any in the scheme.If recall in nothing under the situation of scheme and create ACR, it might adopt the scheme of recalling that can be activated by the ACR owner so.Recalling by main frame rather than by the SSA security ststem of storage arrangement certificate carried out.The ACR owner is in charge of recalling of main frame root certificate, accomplish this action institute by mechanism be that voucher through renewal ACR carries out.
Certificate revocation lists (CRL)
The SSA system uses a revocation scheme in which each CA periodically issues a signed data structure called a certificate revocation list (CRL). A CRL is a time-stamped list identifying revoked certificates that were signed by the CA (the same CA that issued the certificate in question), and it is made freely available to the public. Each revoked certificate is identified in the CRL by its certificate serial number. The size of a CRL is arbitrary and depends on the number of unexpired certificates that have been revoked. When a device uses a certificate (for example, to verify the identity of a host), the device not only checks the certificate signature (and validity) but also checks the certificate against the list of serial numbers received via the CRL. If identifying information such as the serial number of the certificate is found on the CRL issued by the CA that issued the certificate, this indicates that the certificate has been revoked and is no longer valid.
The CRL must itself be verified as genuine so that it can be used for the purpose of validating certificates. The CRL is signed with the private key of the CA that issues it, and the signed CRL can be decrypted with the public key of the CA and thereby verified as genuine. If the decrypted CRL matches the digest of the unsigned CRL, the CRL has not been altered and is genuine. A CRL is frequently hashed with a hashing algorithm to obtain its digest, and the digest is encrypted with the private key of the CA. To check whether the CRL is valid, the signed CRL (that is, the hashed and encrypted CRL) is decrypted with the public key of the CA to obtain the decrypted and hashed CRL (that is, the digest of the CRL). This is then compared with the hash of the CRL. The verification process therefore frequently involves comparing the hash of the CRL with the decrypted and hashed CRL.
One characteristic of the CRL scheme is that confirmation of a certificate (against the CRL) can be performed separately from obtaining the CRL. The CRL is also signed by the issuer of the relevant certificate and is verified using the public key of the CA that issued it, in the manner described above, similar to the verification of a certificate. The memory device checks that the CRL is signed and that the issuer of the CRL matches the issuer of the certificate. Another characteristic of the CRL scheme is that it can be distributed by the same means as the certificate itself, namely through untrusted servers and untrusted communications. CRLs and their characteristics are described in detail in the X.509 standard.
The SSA infrastructure for CRLs
SSA provides infrastructure for host revocation using the CRL scheme. When the CRL revocation scheme is applied to an RSA-based ACR, the host adds a CRL (possibly an empty CRL if the issuing CA has not revoked any certificate) as an extra field to the set-certificate command. This field contains the CRL signed by the issuer of the certificate. When this field is present, the memory device 10 first verifies the certificate in the set-certificate command. Obtaining and accessing the CRL repository is entirely the responsibility of the host. A CRL is issued together with the time period during which it is valid (the CRL expiration time period, or CET). During verification, if the current time is found not to lie within this period, the CRL is considered defective and cannot be used for certificate verification; as a result, verification of the certificate fails.
In the conventional certificate verification method, the verifying entity is expected to have, or to be able to retrieve from the certificate authority (CA), a certificate revocation list, and to check the serial number of the presented certificate against the list to determine whether the presented certificate has been revoked. Where the verifying entity is a memory device, the memory device may not be able to retrieve a certificate revocation list from the CA independently. If a certificate revocation list is stored in the device in advance, the list may become outdated, so that certificates revoked after the installation date do not appear in the list. This would allow a user to access the memory device with a revoked certificate, which is undesirable.
In one embodiment, the above problem is solved by a system in which the entity wishing to be authenticated provides the verifying entity (which may be the memory device 10) with a certificate revocation list together with the certificate to be verified. The verifying entity then verifies the authenticity of the certificate and of the received certificate revocation list. The verifying entity checks whether the certificate is on the revocation list by checking whether the identifying information of the certificate (for example, its serial number) is present in the list.
In view of the above, an asymmetric authentication scheme can be used for mutual authentication between a host device and the memory device 10. A host device wishing to be authenticated by the memory device 10 will need to provide its certificate chain and the corresponding CRLs. On the other hand, the host device is able to connect to the CA to obtain CRLs, so when the memory device 10 is to be authenticated by the host device, the memory device need not present CRLs to the host device together with its certificate or certificate chain.
In recent years, an increasing number of different types of portable devices have become available for playing content, such as various embedded or stand-alone music players, MP3 players, cellular phones, personal digital assistants and notebook computers. Although such devices can be connected to the World Wide Web to access certificate revocation lists from certificate authorities, many users are not connected to the network every day and connect only to obtain new content or to renew a subscription (for example, every few weeks). For such users, having to obtain certificate revocation lists from the certificate authority more frequently may be an inconvenience. For such users, the certificate revocation list and, optionally, the host certificate that needs to be presented to the storage device to access protected content can be stored in the storage device itself, preferably in an unprotected area. In many types of storage devices (for example, flash memory), the unprotected area of the storage device is managed by the host device rather than by the storage device itself. In this way the user does not need to be connected (through the host device) to the network in order to obtain a more up-to-date certificate revocation list. The host device can simply retrieve this information from the unprotected area of the storage device, and then present the certificate and the list to the storage device to access the protected content in the storage device. Because the certificate used to access protected content and its corresponding certificate revocation list are usually valid for some period of time, the user need not obtain an up-to-date certificate or certificate revocation list as long as they are still valid. The above feature allows the user to conveniently access the certificate and the certificate revocation list over a suitably long period, while the certificate and the certificate revocation list remain unexpired, and to obtain updated information without needing to connect to the certificate authority.
The above process is illustrated in the flow charts of Figures 30 and 31. As shown in Figure 30, the host 24 reads from the unprotected public area of the memory device 10 the CRL for the certificate that the host will present to the memory device for authentication (block 652). Because the CRL is stored in an unprotected area of the memory, no authentication is needed before the host can obtain the CRL. Because the CRL is stored in the public area of the memory device, reading of the CRL is under the control of the host device 24. The host then sends the CRL together with the certificate to be verified to the memory device (block 654) and, unless it receives a failure notification from the memory device 10, proceeds to the next stage (block 656). Referring to Figure 31, the memory device receives the CRL and the certificate from the host (block 658), checks whether the certificate serial number is on the CRL (block 660), and also checks other aspects (for example, whether the CRL has expired). If the certificate serial number is found on the CRL, or the check fails for other reasons, the memory device sends a failure notification to the host (block 662). In this way, different hosts can obtain the CRL stored in the public area of the memory device, because the same CRL can be used for authenticating different hosts. As noted above, for the convenience of the user, the certificate checked against the CRL may also preferably be stored together with the CRL in the unprotected area of the memory device 10. However, a certificate can be used for authentication to the memory device only by the host to which the certificate was issued.
Where a CRL contains in its fields the time of the next update (as illustrated in Figure 32), the SSA in the device 10 also checks the current time against this time to determine whether the current time is after it; if so, verification also fails. The SSA therefore preferably checks both the next-update time and the CET against the current time (or against the time at which the memory device 10 received the CRL).
As noted above, if the CRL contains a long list of identifying information of revoked certificates, processing (for example, hashing) and searching the list for the serial number of the certificate presented by the host may take a long time, especially where the processing and the search are performed sequentially. To speed up the process, they can therefore be performed concurrently. Moreover, if the entire CRL must be received before the whole CRL is processed and searched, the process may also be time-consuming. The applicants recognized that the process can be accelerated by processing and searching portions of the CRL as they are received (on the fly), so that the process is nearly complete when the last portion of the CRL is received.
Figures 33 and 34 illustrate the above feature of the revocation scheme. The verifying entity (for example, a memory device such as a memory card) receives a certificate and a CRL from the entity wishing to be authenticated (block 702). Portions of the unencrypted CRL are processed (for example, hashed), and at the same time these portions are searched for the identification (for example, the serial number) of the presented certificate. The processed (for example, hashed) portions of the CRL are compiled into a complete hashed CRL, which is compared with the complete decrypted and hashed CRL formed by compiling the decrypted CRL portions received from the entity wishing to be authenticated. If the comparison indicates no match, verification fails. The verifying entity also checks the current time against both the next-update time and the CET (blocks 706, 708). If the identifying information of the presented certificate is found on the CRL, or the current time is not within the CET, or the next-update time of the CRL has passed, verification also fails (block 710). In some embodiments, storing the hashed CRL portions and the decrypted hashed CRL portions for compilation may not require a large amount of storage space.
When an entity (for example, a host) wishes to be authenticated, it sends its certificate together with the CRL to the verifying entity (block 722) and proceeds to the next stage (block 724). This is illustrated in Figure 34.
If the entity presents a certificate chain for identification, a process similar to that described above can be implemented. In that case, the above process needs to be repeated for each certificate in the chain and its corresponding CRL. Each certificate and its CRL can be processed as it is received, without waiting to receive the remainder of the certificate chain and the corresponding CRLs.
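The CRL handling described above (decrypting the CA signature and comparing it with the hash of the CRL, checking the CET and the next-update time, and processing and searching the CRL portion by portion as in Figure 33) is carried through below as one added example; it is not the patent's or SanDisk's code. The key=value CRL layout, the chunked delivery and the toy 32-bit RSA key pair are all constructed for illustration.

```python
"""Incremental CRL check in the spirit of Figures 31-33: hash each received
part of the CRL and search it for the presented serial at the same time, then
verify the CA signature, the CET and the next-update time.  Added example, not
the patent's code; the CRL layout and the toy 32-bit RSA key are constructed."""
import hashlib

# Constructed toy CA key pair (textbook RSA, 32-bit modulus): demo only,
# far too small for real use; it merely stands in for the CA key.
P, Q = 65521, 65537
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))


def fold_digest(h) -> int:
    """Reduce a SHA-256 state to an integer below the toy modulus."""
    return int.from_bytes(h.digest()[:4], "big") % N


def ca_sign(body: bytes) -> int:
    """The CA encrypts the digest of the CRL body with its private key."""
    return pow(fold_digest(hashlib.sha256(body)), D, N)


def make_crl(issuer, this_update, cet, next_update, revoked) -> tuple:
    """Constructed CRL: key=value header lines, then one revoked serial per line."""
    lines = [f"issuer={issuer}", f"this_update={this_update}",
             f"cet={cet}", f"next_update={next_update}"] + list(revoked)
    body = "\n".join(lines).encode()
    return body, ca_sign(body)


class StreamingCrlCheck:
    """Consumes the CRL chunk by chunk: each chunk is hashed on arrival and
    its completed lines are searched for the serial, so only a partial last
    line is carried between chunks rather than the whole CRL."""

    def __init__(self, serial: str):
        self.serial = serial
        self.hasher = hashlib.sha256()
        self.pending = b""          # partial last line of the previous chunk
        self.header = {}
        self.revoked = False

    def feed(self, chunk: bytes) -> None:
        self.hasher.update(chunk)   # hash this portion as it is received
        lines = (self.pending + chunk).split(b"\n")
        self.pending = lines.pop()  # a serial split across chunks waits here
        for line in lines:
            self._consume(line.decode())

    def _consume(self, line: str) -> None:
        if "=" in line:
            key, value = line.split("=", 1)
            self.header[key] = value
        elif line == self.serial:
            self.revoked = True

    def finish(self, signature: int, now: int) -> tuple:
        """Final checks once the last chunk and the signature have arrived."""
        if self.pending:
            self._consume(self.pending.decode())
            self.pending = b""
        # Decrypt the signature with the CA public key; compare with our digest.
        if pow(signature, E, N) != fold_digest(self.hasher):
            return False, "CRL signature does not match CRL digest"
        this_update = int(self.header.get("this_update", 0))
        cet = int(self.header.get("cet", -1))
        next_update = int(self.header.get("next_update", -1))
        if not this_update <= now <= cet:
            return False, "current time outside the CRL expiration period"
        if now > next_update:
            return False, "CRL next-update time has passed"
        if self.revoked:
            return False, "certificate serial is on the CRL"
        return True, "certificate not revoked"


def check_with_crl(body, signature, serial, now, chunk_size) -> tuple:
    """Deliver the CRL in chunk_size pieces, as a host would stream it."""
    check = StreamingCrlCheck(serial)
    for i in range(0, len(body), chunk_size):
        check.feed(body[i:i + chunk_size])
    return check.finish(signature, now)


if __name__ == "__main__":
    body, sig = make_crl("DemoCA", 1000, 2000, 1500, ["1234", "5678"])
    print(check_with_crl(body, sig, "5678", 1200, chunk_size=3))
    print(check_with_crl(body, sig, "9999", 1200, chunk_size=64))
```

A chunk size of 3 forces every serial to be split across chunk boundaries, which exercises the carried partial line; a tampered body fails the digest comparison before any time or revocation check is consulted.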
Identity object (IDO)
An identity object is a protected object designed to allow the memory device 10 (for example, a flash memory card) to store an RSA key pair or another type of cryptographic ID. The identity object contains a cryptographic ID of any type that can be used to sign and verify identities and to encrypt and decrypt data. The identity object also contains a certificate from a CA (or a certificate chain from several CAs) certifying that the public key of the key pair is genuine. The identity object can be used to provide proof of the identity of an external entity or of an internal card entity (that is, the device itself, an internal application, and so on), referred to as the owner of the identity object. Thus the card does not use the RSA key pair or other cryptographic ID to authenticate the host through a challenge-response exchange, but rather as proof of identity by signing a data stream provided to it. In other words, the identity object contains the cryptographic ID of its owner. To access the cryptographic ID in the identity object, the host first needs to be authenticated. As described below, the authentication process is controlled by an ACR. After the host has been successfully authenticated, the owner of the identity object can use the cryptographic ID to establish its identity to another party. For instance, the cryptographic ID (for example, the private key of a public-private key pair) can be used to sign data presented by the other party through the host. The owner of the identity object presents the signed data and the certificate in the identity object to the other party. The public key of the public-private key pair in the certificate is certified as genuine by the CA (that is, a trusted authority), so that the other party can trust that this public key is genuine. The other party can then use the public key in the certificate to decrypt the signed data and compare the decrypted data with the data it sent. If the decrypted data matches the data sent by the other party, this shows that the owner of the identity object indeed has access to the genuine private key, and is therefore indeed the entity it represents.
A second use of the identity object is to protect data designated for the owner of the cryptographic ID (for example, the RSA key itself) of the IDO. Such data is expected to be encrypted with the IDO public key. The memory device 10 (for example, a memory card) uses the private key to decrypt the data.
The IDO is an object that can be created for an ACR of any type. In one embodiment, an ACR can have only one IDO object. Both the data signing and the data protection features are services that the SSA system offers to any entity that can authenticate to the ACR. The protection level of the IDO is as high as the login authentication scheme of the ACR. Any authentication algorithm may be selected for an ACR that is to have an IDO. It is up to the creator (host) to decide and evaluate which algorithm better protects the use of the IDO. The ACR having the IDO provides its certificate chain in response to a command to obtain the IDO public key.
When the IDO is used for data protection, the decrypted data output from the card may be further protected. In that case the host is encouraged to use a secure channel established through any one of the available authentication algorithms.
When an IDO is created, the key length and the PKCS#1 version are selected. In one embodiment, the public and private keys use the (exponent, modulus) representation defined in PKCS#1 v2.1.
In one embodiment, the data included when creating an IDO is an RSA key pair of the specified length, together with a certificate chain that recursively confirms the authenticity of the public key.
An ACR that has an IDO can sign user data. This is accomplished through two SSA commands:
Set user data: provides the free-format data buffer to be signed.
Get SSA signature: the card provides an RSA signature (using the ACR private key). The format and size of the signature are set according to PKCS#1 v1.5 or v2.1, depending on the object type.
The operation of the IDO is illustrated in Figures 35-37, where the memory device 10 is a flash memory card and the card is the owner of the IDO. Figure 35 illustrates the process performed by the card when signing data sent by the host. Referring to Figure 35, after the host has been authenticated (block 802), for example under the control of an ACR at a node of the tree structure described above, the card waits for a request from the host for a certificate (diamond 804). Upon receiving the request, the card sends the certificate and returns to diamond 804 for the next host request (block 806). If a certificate chain needs to be sent to prove the public key of the IDO owned by the card, the above actions are repeated until all certificates in the chain have been sent to the host. After each certificate has been sent to the host, the card waits for other commands from the host (diamond 808). If no command is received from the host within a preset period, the card returns to diamond 804. Upon receiving data and a command from the host, the card checks whether the command is for signing data (diamond 810). If the command is for signing data, the card signs the data with the private key in the IDO, sends the signed data to the host (block 812) and returns to diamond 804. If the command from the host is not for signing the data from the host, the card uses the private key in the IDO to decrypt the received data (block 814) and returns to diamond 804.
Figure 36 illustrates the process performed by the host when the card signs data sent by the host. Referring to Figure 36, the host sends authentication information to the card (block 822). After successful authentication, for example under the control of an ACR at a node of the tree structure described above, the host sends a request for the certificate chain to the card and receives the chain (block 824). After verifying the public key of the card, the host sends data to the card to be signed and receives the data signed with the private key of the card (block 826).
Figure 37 illustrates the process performed by the host when the host encrypts data with the public key of the card and sends the encrypted data to the card. Referring to Figure 37, the host sends authentication information to the card (block 862). After authentication has been successfully performed under the control of the ACR, the host sends to the card a request for the certificate chain needed to verify the public key of the card in the IDO, together with a request for data (block 864). After verifying the public key of the card in the IDO, the host encrypts the data from the card using the verified public key of the card and sends it to the card (blocks 866, 868).
Queries
Hosts and applications need certain information about the memory device or card they are working with in order to perform system operations. For instance, a host and an application may need to know which applications stored on the memory card are available to be called. The information required by the host is sometimes not common knowledge, meaning that not everyone is entitled to have that information. Therefore, in order to distinguish between authorized and unauthorized users, two query methods need to be provided for use by the host.
General information query. This query provides unrestricted public system information. The confidential information stored in the memory device comprises two parts: a shared part and a non-shared part. One part of the confidential information comprises information proprietary to individual entities, so that each entity is allowed to access only its own proprietary information and cannot access the proprietary confidential information of other parties. Confidential information of this type is not shared and forms the non-shared part of the confidential information.
Some information generally considered public may in some cases be regarded as confidential, for example the names of the applications present on the card and their life-cycle states. Another instance is the root ACR name, which is considered public but may be confidential for some SSA usage scenarios. For these cases, the system provides the option of keeping such information available in response to a general information query only to authenticated users and not to unauthenticated users. Such information forms the shared part of the confidential information. An example of the shared part of the confidential information is the root ACR list, the current list of all root ACRs present on the device.
Access to public information through a general information query does not require the host/user to log in to an ACR. Therefore anyone who knows the SSA standard can issue the query and receive the information. In SSA terminology, this query command is handled without a session number. However, if an entity needs access to the shared part of the confidential information, the entity first needs to be authenticated through one of the control structures (for example, one of the ACRs) controlling access to the data in the memory device. After successful authentication, the entity can access the shared part of the confidential information through a general information query. As explained above, the authentication process generates an SSA session number or ID used for access.
Discreet information query
Specific information about individual ACRs, and about system access and assets, is regarded as discreet and requires explicit authentication. Therefore, this query requires an ACR login and authentication (if authentication is specified by the ACR) before authorization is granted to receive the queried information. This query requires an SSA session number.
Before describing the two types of query in detail, it will be useful first to describe the concept of an index group as a practical solution used for implementing queries.
Index group
The operating system (OS) and system drivers on the host require an application running on a potential SSA host to specify the number of sectors to be read. This in turn means that the host application needs to know how many sectors to read for each SSA read operation.
Because the nature of a query operation is to supply information that is generally unknown to the party requesting it, it is difficult for the host application issuing the query to guess the number of sectors required by the operation.
To solve this problem, the SSA query output buffer for each query request consists of only one sector (512 bytes). Objects that form part of the output information are organized in groups called index groups. Objects of each type may have different byte sizes, which in turn determines the number of objects that can fit in a single sector; this defines the index group for that object. If an object has a size of 20 bytes, the index group for that object will contain up to 25 objects. If there are 56 such objects in total, they will be organized in 3 index groups, where object "0" (the first object) begins the first index group, object "25" begins the second index group, and object 50 begins the third (last) index group.
System query (general information query)
This query provides general public information about the SSA system supported in the device and the different trees and applications currently set up on the device. Similar to the ACR query (discreet query) described below, the system query is structured to provide several query options:
General: the supported SSA version.
SSA applications: the current list of all SSA applications present on the device (including their running states).
The information listed above is public information. As with the ACR query, in order to spare the host from needing to know how many sectors to read for the query output buffer, one sector is sent back from the device, while still allowing the host to query further index groups. Thus, if the number of root ACR objects exceeds the size of the output buffer for index group "0", the host can then send another query request for the subsequent index group ("1").
ACR query (discreet information query)
The SSA ACR query command is intended to supply an ACR user with information about the system resources of the ACR (such as keys and application IDs, partitions and child ACRs). The query information concerns only the logged-in ACR and not other ACRs on the system tree. In other words, access is limited to the part of the confidential information accessible under the permissions of the relevant ACR.
There are three different ACR objects that the user can query:
Partitions: name and access rights (owner, read, write).
Key IDs and application IDs: name and access rights (owner, read, write).
Child ACRs: the names of the direct child ACRs and AGPs of the ACR.
IDO and secure data objects (described below): name and access rights (owner, read, write).
Because the number of objects connected to an ACR may vary, the information may exceed 512 bytes (one sector). Without knowing the number of objects in advance, the user has no way of knowing how many sectors need to be read from the SSA system in the device in order to obtain the complete list. Therefore, each object list provided by the SSA system is divided into index groups, similar to the system query described above. An index group is the number of objects that fit in one sector, that is, how many objects the SSA system in the device can send to the host in a single sector. This allows the SSA system in the device to send the requested index group in one sector. The host/user receives a buffer of the queried objects and the number of objects in the buffer. If the buffer is full, the user can query the next object index group.
Figure 38 is a flow chart illustrating the operations involved in a general information query. Referring to Figure 38, when the SSA system receives a general information query from an entity (block 902), the system determines whether the entity has been authenticated (diamond 904). If it has been authenticated, the system supplies the entity with the public information and the shared part of the confidential information (block 906). If it has not been authenticated, the system supplies the entity with the public information only (block 908).
Figure 39 is a flow chart illustrating the operations involved in a discreet information query. Referring to Figure 39, when the SSA system receives a discreet information query from an entity (block 922), the system determines whether the entity has been authenticated (diamond 924). If it has been authenticated, the system supplies the entity with the confidential information of the device (block 926). If it has not been authenticated, the system denies the entity access to the confidential information (block 928).
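The index-group packing described above (25 objects of 20 bytes per 512-byte sector, 56 objects in 3 groups) and the host loop that keeps requesting the next group while the returned buffer is full, as an added example that is not the patent's code. The 2-byte object-count prefix at the start of each sector and the query API names are assumptions made for this illustration.

```python
"""Index groups for SSA query output: every reply is one 512-byte sector,
so the host never has to guess how many sectors to read.  Added example;
the 2-byte count header and the class/function names are assumptions."""
import struct

SECTOR_SIZE = 512        # every query reply is exactly one sector
COUNT_HEADER = 2         # assumed: number of objects stored at sector start


def objects_per_group(object_size: int) -> int:
    """How many objects of one size fit in a single sector (25 for 20 bytes)."""
    return (SECTOR_SIZE - COUNT_HEADER) // object_size


def index_groups(objects: list, object_size: int) -> list:
    """Split an object list into index groups; group k starts at object k*n."""
    n = objects_per_group(object_size)
    return [objects[i:i + n] for i in range(0, len(objects), n)]


def encode_group(group: list, object_size: int) -> bytes:
    """Pack one index group into a zero-padded 512-byte sector."""
    assert all(len(obj) == object_size for obj in group)
    sector = struct.pack(">H", len(group)) + b"".join(group)
    return sector.ljust(SECTOR_SIZE, b"\0")


def decode_sector(sector: bytes, object_size: int) -> list:
    """Unpack the objects carried in one sector using the count header."""
    (count,) = struct.unpack(">H", sector[:COUNT_HEADER])
    start = COUNT_HEADER
    return [sector[start + i * object_size:start + (i + 1) * object_size]
            for i in range(count)]


class CardQueryService:
    """Device side: answers "send index group k" with exactly one sector.
    A group index past the end yields an empty sector (count 0)."""

    def __init__(self, objects: list, object_size: int):
        self.groups = index_groups(objects, object_size)
        self.object_size = object_size

    def query(self, group_index: int) -> bytes:
        group = self.groups[group_index] if group_index < len(self.groups) else []
        return encode_group(group, self.object_size)


def host_read_all(card: CardQueryService, object_size: int) -> tuple:
    """Host side: keeps asking for the next index group while the buffer
    returned is full.  Returns (all objects, number of queries issued)."""
    capacity = objects_per_group(object_size)
    collected, index = [], 0
    while True:
        found = decode_sector(card.query(index), object_size)
        collected.extend(found)
        index += 1
        if len(found) < capacity:   # partial or empty buffer: list complete
            return collected, index


if __name__ == "__main__":
    objs = [i.to_bytes(20, "big") for i in range(56)]   # constructed objects
    card = CardQueryService(objs, 20)
    print([len(g) for g in card.groups])                 # [25, 25, 6]
    got, queries = host_read_all(card, 20)
    print(len(got), queries)                             # 56 3
```

When the object count is an exact multiple of the group size (for example 50), the host only learns that the list is complete from the empty sector returned for the group after the last full one, so it issues one more query than there are groups.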
Feature Set Extension (FSE)
In many cases it is highly advantageous for the SSA to perform data-processing activities (for example, validation of DRM license objects) internally on the card. The resulting system is more secure and more efficient than the alternative in which all data-processing tasks are performed on the host, and it does not rely on the host.
The SSA security system comprises a set of authentication algorithms and authorization policies designed to control access to, and use of, a collection of objects stored, managed and protected by the memory card. Once a host obtains access rights, the host then performs processing on the data stored in the memory device, with access to the memory device controlled by the SSA. However, data is assumed to be largely application-specific in nature, and therefore the SSA defines neither the data format nor the data processing; the SSA does not process the data stored on the device.
One embodiment of the present invention is based on the recognition that the SSA system can be enhanced to allow some of the functions normally performed by the host to be performed in the memory card. Thus some of the host's software functions can be divided into two parts: one part still performed by the host and another part performed by the card. This enhances the security and efficiency of data processing for many applications. For this purpose, a mechanism called FSE can be added to enhance the capabilities of the SSA. A host application performed in this way by the card under the FSE is also referred to herein as an internal application or device-internal application.
The enhanced SSA system provides a mechanism for extending the basic SSA command set, whose introduction through card applications provides authentication and access control for the card. The card applications are assumed to implement services other than those of the SSA (for example, DRM schemes, e-commerce transactions). The SSA Feature Set Extension (FSE) is a mechanism designed to enhance the standard SSA security system with data-processing software/hardware modules (which may be proprietary). The services defined by the SSA FSE system allow the host device, in addition to the information it can obtain using the queries described above, to query the card for available applications, select a specific application and communicate with it. The general and discreet queries described above can be used for this purpose.
Two methods of extending the card feature set are utilized in the SSA FSE:
Services: this feature is enabled by allowing an authorized entity to communicate directly with an internal application through a command channel (which may be proprietary) called a communication pipe.
Extension of the standard SSA access control policy: this feature is enabled by associating an internally protected data object (for example, a CEK, or a secure data object (SDO) as described below) with an internal card application. When this object is accessed, if the defined standard SSA policy is satisfied, the associated application is invoked, whereby at least one further condition is enforced in addition to the standard SSA policy. This condition preferably does not conflict with the standard SSA policy. Access is granted only when this additional condition is also satisfied. Before elaborating on the capabilities of the FSE, the architectural aspects of the FSE, the communication pipe and the SDO are described.
SSM module and related modules
Figure 40A is a functional block diagram of the system architecture 1000 in a memory device 10 (for example, a flash memory card) connected to a host device 24, illustrating one embodiment of the invention. The main components of the software modules in memory device 10 are as follows:
SSA transport layer 1002
The SSA transport layer is card-protocol dependent. It handles host-side SSA requests (commands) at the protocol layer of card 10 and then relays them to the SSM API. All host-card synchronization and SSA command identification are completed in this module. The transport layer is also responsible for all SSA data transfers between host 24 and card 10.
Security service module core (SSM core) 1004
This module is the core part of the SSA embodiment. The SSM core implements the SSA architecture; more specifically, it implements the SSA tree and ACR system together with all the corresponding rules that make up the system described above. The SSM core module uses a cryptographic library 1012 to support the SSA security and cryptographic features, for example encryption, decryption and hashing.
SSM core API 1006
This is the layer through which the host and the internal applications interface with the SSM core to perform SSA operations. As shown in Figure 40A, host 24 and device-internal applications 1010 both use the same API.
Security application manager module (SAMM) 1008
SAMM is not part of the SSA system, but it is an important module in the card that controls the device-internal applications interfacing with the SSA system.
SAMM manages all device-internal applications at run time, which includes:
1. Application life-cycle monitoring and control.
2. Application initialization.
3. The application/host/SSM interface.
Device-internal applications 1010
These are approved applications running on the card side. They are managed by SAMM and can access the SSA system. The SSM core also provides the communication pipe between host-side applications and internal applications. Examples of such internally running applications are a DRM application and a one-time password (OTP) application, explained further below.
Device management system (DMS) 1011
This module contains the processes and protocols required for updating the card's system and application firmware and for adding or removing services in post-shipment (commonly called post-issuance) mode.
Figure 40B is a functional block diagram of the internal software modules of SSM core 1004. As shown in Figure 40B, core 1004 includes SSA command handler 1022. Handler 1022 parses SSA commands originating from the host or from device-internal applications 1010 before passing them to SSA manager 1024. All SSA secure data structures (for example AGPs and ACRs) and all SSA rules and policies are stored in SSA database 1026. SSA manager 1024 enforces the controls imposed by the ACRs, AGPs and other control structures stored in database 1026. Other objects such as IDOs and secure data objects are also stored in SSA database 1026. Non-secure operations that do not involve SSA are handled by SSA non-secure operation module 1028. Secure operations under the SSA architecture are handled by SSA secure operation module 1030. Module 1032 is the interface connecting module 1030 to cryptographic library 1012. Layer 1034 connects modules 1026 and 1028 to flash memory 20 of Figure 1.
Communication (or pass-through) pipe
The pass-through pipe object enables an authorized host-side entity to communicate with an internal application controlled by the SSM core and SAMM. Data transfer between the host and the internal application is carried on the send and receive commands defined below. The actual commands are application-specific. The entity (ACR) creating a pipe provides the pipe name and the ID of the application to which it needs the channel opened. As with all other protected objects, that ACR becomes the owner of the pipe and is allowed to delegate access rights and ownership to other ACRs according to the standard delegation rules and restrictions.
If the Create_Pipe permission is set in the ACAM of the authenticated entity, the authenticated entity is allowed to create a pipe object. Communication with an internal application is permitted only when the write-pipe or read-pipe permission for that internal application is set in the entity's PCR. Delegation of ownership and access rights is allowed only when the entity is the pipe owner or has the delegation permission set in its PCR. As with all other permissions, when ownership is delegated to another ACR, the original owner is preferably stripped of all permissions to that device application.
Preferably, only one communication pipe is created per application. An attempt to create a second pipe to an application that is already connected is preferably refused by SSM system 1000. There is therefore preferably a one-to-one relationship between a device-internal application 1010 and a communication pipe. However, multiple ACRs can communicate with one device-internal application (via the delegation mechanism), and a single ACR can communicate with several device-internal applications (via delegated ownership of, or connection to, multiple pipes to different applications). ACRs controlling different pipes are preferably located in nodes of entirely separate trees, so that there is no crosstalk between communication pipes.
The following commands are used to transfer data between the host and a specific application:
WRITE PASS THROUGH - transfers an unformatted data buffer from the host to the device-internal application.
READ PASS THROUGH - transfers an unformatted data buffer from the host to the device-internal application and, once internal processing is complete, returns an unformatted data buffer to the host.
The write and read pass-through commands take as a parameter the ID of the device-internal application 1010 with which the host wishes to communicate. The entity's permissions are checked, and only if the requesting entity (that is, the ACR hosting the session the entity is using) holds permission to use the pipe connected to the requested application is the data buffer interpreted and the command executed.
This communication method allows a host application to pass vendor-specific or proprietary commands to a device-internal application through an SSA ACR session channel.
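The pipe rules just described (Create_Pipe in the ACAM, one pipe per application, owner-controlled delegation, and the permission check on every pass-through command), as an added example in Go; this is not code from the patent. The SSM, ACR, Pipe and InternalApp types, the Perm bits and the method names are assumptions made for the illustration, and the echo application in main is constructed input.

```go
package main

import (
	"errors"
	"fmt"
)

// Rights an ACR may hold on a pipe; the owner holds all three.
type Perm uint8

const (
	PermWrite    Perm = 1 << iota // WRITE PASS THROUGH
	PermRead                      // READ PASS THROUGH
	PermDelegate                  // may pass held rights on to another ACR
)

// ACR is an access control record; CreatePipe is its ACAM Create_Pipe flag.
type ACR struct{ CreatePipe bool }

// InternalApp is a device-internal application; Handle takes the raw host
// buffer and returns whatever the application answers.
type InternalApp struct{ Handle func(buf []byte) []byte }

type Pipe struct {
	AppID string
	Owner *ACR
	Perms map[*ACR]Perm
}

// Delegate passes rights between ACRs: only the owner or an ACR holding
// PermDelegate may delegate, and only rights it actually holds itself.
func (p *Pipe) Delegate(from, to *ACR, rights Perm) error {
	held := p.Perms[from]
	if from != p.Owner && held&PermDelegate == 0 {
		return errors.New("delegation not permitted")
	}
	if rights&^held != 0 {
		return errors.New("cannot delegate rights not held")
	}
	p.Perms[to] |= rights
	return nil
}

// SSM models the part of the SSA manager that owns pipes.
type SSM struct {
	Apps  map[string]*InternalApp
	Pipes map[string]*Pipe // keyed by application ID: one pipe per application
}

// CreatePipe needs the ACAM Create_Pipe permission and refuses a second pipe
// to an application that is already connected.
func (s *SSM) CreatePipe(creator *ACR, appID string) (*Pipe, error) {
	switch {
	case !creator.CreatePipe:
		return nil, errors.New("ACAM: Create_Pipe not set")
	case s.Apps[appID] == nil:
		return nil, errors.New("unknown application")
	case s.Pipes[appID] != nil:
		return nil, errors.New("application already has a pipe")
	}
	p := &Pipe{AppID: appID, Owner: creator,
		Perms: map[*ACR]Perm{creator: PermWrite | PermRead | PermDelegate}}
	s.Pipes[appID] = p
	return p, nil
}

// PassThrough is WRITE (read=false) or READ (read=true) PASS THROUGH: the
// session's ACR must hold the matching right before the buffer is handed to
// the application, and WRITE returns nothing to the host.
func (s *SSM) PassThrough(entity *ACR, appID string, buf []byte, read bool) ([]byte, error) {
	p := s.Pipes[appID]
	if p == nil {
		return nil, errors.New("no pipe to application")
	}
	want := PermWrite
	if read {
		want = PermRead
	}
	if p.Perms[entity]&want == 0 {
		return nil, errors.New("entity lacks pipe permission")
	}
	out := s.Apps[appID].Handle(buf)
	if !read {
		out = nil
	}
	return out, nil
}

func main() {
	echo := &InternalApp{Handle: func(b []byte) []byte { return append([]byte("echo:"), b...) }}
	ssm := &SSM{Apps: map[string]*InternalApp{"echo": echo}, Pipes: map[string]*Pipe{}}
	owner, user := &ACR{CreatePipe: true}, &ACR{}
	p, _ := ssm.CreatePipe(owner, "echo")
	_, err := ssm.PassThrough(user, "echo", []byte("hi"), true)
	fmt.Println("before delegation:", err)
	_ = p.Delegate(owner, user, PermRead)
	out, _ := ssm.PassThrough(user, "echo", []byte("hi"), true)
	fmt.Printf("after delegation: %s\n", out)
}
```

An entity that has authenticated to an ACR without pipe rights is refused before its buffer ever reaches the application; only after the owner delegates PermRead does READ PASS THROUGH return the application's output, and an ACR that merely holds PermRead still cannot pass that right on, because PermDelegate was not delegated with it.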
Secure data objects (SDO)
A useful object that can be used in conjunction with FSE is the SDO.
The SDO serves as a general-purpose container for the secure storage of sensitive information. Like the CEK object, it is owned by an ACR, and access rights and ownership to it can be delegated between ACRs. It contains data protected and used according to predefined policy constraints, and optionally a link to a device-internal application 1010. The sensitive data is preferably not used or interpreted by the SSA system itself, but by the owner and users of the object; in other words, the SSA system does not recognize the information in the data it handles. In this way, the owner and users of the data in the object need be less concerned that interfacing with the SSA system when transferring data between host and data object will leak sensitive information. The SDO object is therefore created by the host system (or by an internal application) and assigned a string ID, in a manner similar to the creation of a CEK. On creation, in addition to the name, the host also provides the application ID of the application linked to the SDO and the data block that SSA will store, integrity-check and return on retrieval.
Like CEKs, SDOs are preferably created only within an SSA session. The ACR used to open the session becomes the owner of the SDO and has the right to delete it, to write and read the sensitive data, and to delegate ownership of and access permissions to the SDO to another ACR (a child of the owner, or an ACR in the same AGP).
Write and read operations on the SDO are reserved for the owner. A write operation overwrites the existing SDO object data with the supplied data buffer. A read operation retrieves the complete data record of the SDO.
SDO access operations are allowed to non-owner ACRs that hold the appropriate access permission. The following operations are defined:
Set SDO, application ID defined: the data is processed by the internal SSA application bearing that application ID. The application is invoked through its association with the SDO. As an optional result, the application writes the SDO object.
Set SDO, application ID null: this option is invalid and raises an illegal-command error. The set command requires an internal application running in the card.
Get SDO, application ID defined: the request is handled by the device-internal application bearing that application ID. The application is invoked through its association with the SDO. The output (whose format is not defined here) is returned to the requester. The application optionally reads the SDO object.
Get SDO, application ID null: this option is invalid and raises an illegal-command error. The get command requires an internal application running in the card.
SDO-related permissions: an ACR may be the SDO owner or may hold only access permissions (set, get or both). In addition, an ACR may be permitted to pass its access rights to an SDO it does not own on to another ACR. An ACR may be explicitly permitted to create SDOs and, where its ACAM permission allows, to delegate access rights.
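The SDO operations above, as an added example in Go that is not the patent's code: the owner's raw Read, the owner granting Get access to another ACR, and Get with a defined versus a null application ID. The point it shows is that a non-owner never receives the stored record itself, only what the linked application derives from it. The type and method names, and the length-reporting application used as constructed input, are assumptions for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Rights a non-owner ACR may hold on an SDO (set, get or both).
type Perm uint8

const (
	PermSet Perm = 1 << iota
	PermGet
)

type ACR struct{ Name string }

// SDOApp is a device-internal application linked to an SDO by the application
// ID in the object's attributes; Get maps the stored data to the output the
// requester receives, so the raw data never leaves the card.
type SDOApp struct{ Get func(data []byte) []byte }

type SDO struct {
	AppID string // "" when no application is linked
	Owner *ACR
	Perms map[*ACR]Perm
	data  []byte
}

// SSM models the SSA manager's handling of SDOs; it never interprets data.
type SSM struct {
	Apps map[string]*SDOApp
	SDOs map[string]*SDO
}

// CreateSDO runs inside the creator's session, so the creator owns the object.
func (s *SSM) CreateSDO(owner *ACR, name, appID string, data []byte) *SDO {
	o := &SDO{AppID: appID, Owner: owner, Perms: map[*ACR]Perm{},
		data: append([]byte(nil), data...)}
	s.SDOs[name] = o
	return o
}

// Grant lets the owner hand Set/Get access to another ACR.
func (o *SDO) Grant(owner, to *ACR, rights Perm) error {
	if owner != o.Owner {
		return errors.New("only the owner may grant access")
	}
	o.Perms[to] |= rights
	return nil
}

// Read is reserved for the owner and returns the complete raw record.
func (o *SDO) Read(acr *ACR) ([]byte, error) {
	if acr != o.Owner {
		return nil, errors.New("read reserved for the SDO owner")
	}
	return append([]byte(nil), o.data...), nil
}

// Get is the access operation for ACRs holding Get permission: the linked
// application is invoked through the association and its output, not the
// data, is returned; a null application ID is an illegal command.
func (s *SSM) Get(acr *ACR, name string) ([]byte, error) {
	o := s.SDOs[name]
	switch {
	case o == nil:
		return nil, fmt.Errorf("no SDO %q", name)
	case acr != o.Owner && o.Perms[acr]&PermGet == 0:
		return nil, fmt.Errorf("ACR %s lacks Get permission on %q", acr.Name, name)
	case o.AppID == "":
		return nil, errors.New("illegal command: no application linked to SDO")
	case s.Apps[o.AppID] == nil:
		return nil, errors.New("linked application is not running in the card")
	}
	return s.Apps[o.AppID].Get(o.data), nil
}

func main() {
	// Constructed example: the linked application answers with the length of
	// the stored secret rather than the secret itself.
	lenApp := &SDOApp{Get: func(d []byte) []byte { return []byte(fmt.Sprint(len(d))) }}
	ssm := &SSM{Apps: map[string]*SDOApp{"len": lenApp}, SDOs: map[string]*SDO{}}
	owner, user := &ACR{Name: "internal"}, &ACR{Name: "user1"}
	o := ssm.CreateSDO(owner, "sdo1", "len", []byte("top-secret-seed"))
	_ = o.Grant(owner, user, PermGet)
	out, err := ssm.Get(user, "sdo1")
	fmt.Printf("Get by user: %s, %v\n", out, err)
	_, err = o.Read(user)
	fmt.Println("Read by user:", err)
}
```

Set follows the same shape as Get, with the application returning the new record to be written; it is omitted here because the permission check and the null-application error are identical.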
Internal ACRs
An internal ACR is similar to any other ACR having a PCR, except that an entity external to device 10 cannot log in to it. Instead, when an object under its control is accessed or an application associated with it is invoked, SSA manager 1024 of Figure 40B logs in to the internal ACR automatically. Because the entity attempting to gain access is internal to the card or memory device, no authentication is needed; SSA manager 1024 simply passes a session key to the internal ACR to enable the internal communication.
The capabilities of FSE will be illustrated with two examples: one-time password generation and digital rights management. Before the one-time password generation example is described, the problem of dual-factor authentication will first be set out.
OTP embodiment
Dual-factor authentication (DFA)
DFA is an authentication protocol designed to strengthen personal login security to (as one example) web service servers by adding an extra secret, a "second factor", to the standard user credentials (that is, user name and password). The second secret is normally some content stored in a secure physical token that the user possesses. During the login process, the user must provide proof of possession as part of the login credentials. The commonly used way of proving possession is a one-time password (OTP), that is, a password valid for a single login only, which is generated by and exported from the security token. If the user can supply the correct OTP, this is taken as sufficient proof of possession of the token, since the OTP cannot be computed without the token by cryptographic means alone. Because an OTP is valid for only one login, the user must hold the token at login time: an old password captured from a previous login is no longer valid.
The product described in the following paragraphs uses the SSA secure data structures, plus an FSE designed to compute the next password in the OTP sequence, to implement a flash memory card holding multiple "virtual" security tokens, each producing a different sequence of passwords (usable to log in to different web sites). A block diagram of this system is shown in Figure 41.
The complete system 1050 comprises an authentication server 1052, an Internet server 1054, and a user 1056 with a token 1058. The first step is to agree a shared secret between the authentication server and the user (also called seed provisioning). User 1056 requests issuance of the secret or seed and stores it in security token 1058. The next step is to associate the issued secret or seed with a specific web service server. Once this is done, authentication can proceed. The user instructs the token to generate an OTP. The OTP is sent to Internet server 1054 together with the user name and password. Internet server 1054 forwards the OTP to authentication server 1052, asking it to check the user's identity. The authentication server also generates an OTP, and because it is generated from the secret shared with the token, it should match the OTP produced by the token. If a match is found, the user's identity is verified and the authentication server returns a positive acknowledgement to Internet server 1054, which completes the user login process.
The FSE embodiment for OTP generation has the following characteristics:
The OTP seed is stored securely (encrypted) in the card.
The password generation algorithm is executed inside the card.
Device 10 can emulate multiple virtual tokens, each storing a different seed and each able to use a different password generation algorithm.
Device 10 provides a secure protocol for transferring the seed from the authentication server to the device.
The SSA features used for OTP seed provisioning and OTP generation are illustrated in Figure 42, where solid arrows denote ownership or access rights and dashed arrows denote association or linkage. As shown in Figure 42, in SSA FSE system 1100 the software program code FSE 1102 can be accessed through one or more communication pipes 1104, each controlled by one of N authentication ACRs 1106. In the embodiment described below, only one FSE software application is described, and there is only one communication pipe per FSE application. It will be understood, however, that more than one FSE application may be used and, although only one communication pipe is illustrated in Figure 42, that multiple communication pipes may be used. All such variations are possible. Referring to Figures 40A, 40B and 42, FSE 1102 may be the subset of applications used for OTP provisioning and form part of the device-internal applications 1010 of Figure 40A. The control structures (ACRs 1101, 1103, 1106, 1110) are part of the SSA secure data structures and are stored in SSA database 1026. Data structures such as IDO 1120, SDO objects 1122 and communication pipe 1104 are also stored in SSA database 1026.
Referring to Figures 40A and 40B, security-related operations involving ACRs and data structures (for example, data transfer within a session, and operations such as encryption, decryption and hashing) are handled by module 1030 with the assistance of interface 1032 and cryptographic library 1012. SSM core API 1006 does not distinguish between operations involving ACRs that interact with the host (external ACRs) and operations involving internal ACRs that do not, and therefore does not distinguish between operations involving the host and those involving device-internal applications 1010. In this way, the same control mechanism governs access by host-side entities and access by device-internal applications 1010, which gives greater flexibility in dividing data processing between host-side applications and device-internal applications 1010. Internal applications 1010 (for example, FSE 1102 in Figure 42) are associated with internal ACRs (for example, ACR 1103 in Figure 42) and are invoked under the control of the internal ACR.
In addition, the SSA secure data structures with their associated rules and policies (for example, ACRs and AGPs) preferably control access to important information such as the content of an SDO, or information derivable from it, so that external or internal applications can access that content or information only according to the SSA rules and policies. For instance, if two different users can each invoke one of the device-internal applications 1010 to process data, internal ACRs located in separate hierarchical trees are used to control the two users' access so that there is no crosstalk between them. In this way, both users can access a common set of device-internal applications 1010 to process data without the owners of the content or information in the SDO losing control of it. For instance, access to an SDO storing data accessed by device-internal applications 1010 can be controlled by ACRs located in separate hierarchical trees so that there is no crosstalk between them. This manner of control is similar to the way in which SSA controls access to data as described above, and it provides security, to content owners and users alike, for the data stored in data objects.
Referring to Figure 42, part of the software application code required by an OTP-related host application may be stored in memory device 10 (for example, pre-stored before the memory card is issued, or loaded after issuance) as an application in FSE 1102. To execute this code, the host first needs to authenticate through one of the N authentication ACRs 1106, N being a positive integer, in order to gain access to pipe 1104. The host also needs to supply an application ID identifying the OTP-related application it wishes to invoke. After successful authentication, the code can be accessed for execution through the pipe 1104 associated with the OTP-related application. As noted above, there is preferably a one-to-one relationship between pipe 1104 and a specific application (for example, the OTP-related internal application). As shown in Figure 42, multiple ACRs 1106 can share control of the common pipe 1104, and an ACR can also control more than one pipe.
Figure 42 shows secure data objects SDO 1, SDO 2 and SDO 3, collectively referred to as objects 1114, each containing data, for example a seed used for OTP generation, which is valuable and preferably encrypted. The link or association 1108 between the three data objects and FSE 1102 describes an attribute of the objects: when any of the objects is accessed, the application in FSE 1102 bearing the application ID held in the SDO's attributes is invoked, and that application is executed by CPU 12 of the memory device (Figure 1) without any further host command being needed.
Referring to Figure 42, before the user can begin the OTP process, the secure data structures (ACRs 1101, 1103, 1106 and 1110) have been created, and their PCRs are used to control the OTP process. The user needs access rights to invoke the OTP device-internal application 1102 through one of the authentication server ACRs 1106, and also needs access rights to the generated OTP through one of the N user ACRs 1110. SDO 1114 can be created during the OTP seed provisioning process. IDO 1116 has preferably already been created and is controlled by internal ACR 1103. Internal ACR 1103 also controls SDO 1114 once it has been created. When SDO 1114 is accessed, SSA manager 1024 of Figure 40B logs in to ACR 1103 automatically. Internal ACR 1103 is associated with FSE 1102. During the OTP seed provisioning process, SDO 1114 can become associated with the FSE, as shown by dashed line 1108. Once the association is in place, a host access to the SDO causes association 1108 to invoke FSE 1102 without any further request from the host. When communication pipe 1104 is accessed through one of the N ACRs 1106, SSA manager 1024 of Figure 40B likewise logs in to ACR 1103 automatically. In both cases (access to SDO 1114 and access through pipe 1104), the SSA manager passes a session number to FSE 1102, and that session number identifies the channel reaching internal ACR 1103.
OTP operation involves two phases: the seed provisioning phase illustrated in Figure 43 and the OTP generation phase illustrated in Figure 44. Figures 40-42 are also referred to as an aid to the description. Figure 43 is a protocol diagram illustrating the seed provisioning process. As shown in Figure 43, actions are taken by the host (for example, host 24) and by the card. One entity on the card taking actions is the SSM system of Figures 40A and 40B, which includes SSM core 1004; another is FSE 1102 shown in Figure 42.
In dual-factor authentication, the user requests issuance of a seed, and once the seed is issued it is stored in the security token; in this example, the security token is the memory device or card. The user authenticates to authentication ACR 1106 in Figure 42 to obtain access to the SSM system (arrow 1122). Assuming authentication succeeds (arrow 1124), the user then requests a seed (arrow 1126). The host sends the card a request to sign the seed request, selecting the specific application 1102 that signs seed requests. If the user does not know the ID of the specific application to invoke, this information can be obtained from device 10, for example through a discreet query to the device. The user then enters the application ID of the application to be invoked, thereby also selecting the communication pipe corresponding to that application. The user command is then forwarded, in a pass-through command over the corresponding communication pipe, to the application specified by the user's application ID (arrow 1128). The invoked application requests that the seed request be signed with the key of the specified IDO (for example, IDO 1112 of Figure 42); the signature is made with the IDO's private key, the matching public key being the one attested by the IDO's certificate chain.
The SSM system signs the seed request with the IDO's private key and notifies the application that the signature is complete (arrow 1132). The invoked application then requests the certificate chain of the IDO (arrow 1134). In response, the SSM system provides the certificate chain of the IDO controlled by ACR 1103 (arrow 1136). The invoked application then passes the signed seed request and the IDO certificate chain to the SSM system through the communication pipe, and the SSM system forwards them to the host (arrow 1138). The transfer of the signed seed request and the IDO certificate chain through the communication pipe is performed by means of a callback function established between SAMM 1008 and SSM core 1004 of Figure 40A, which is described in detail below.
The host then sends the signed seed request and IDO certificate chain it received to authentication server 1052 shown in Figure 41. The certificate chain provided by the card shows that the signed seed request originated from a trusted card, so that authentication server 1052 is willing to provide a secret seed to the card. Authentication server 1052 therefore sends the seed, encrypted with the public key of the IDO, to the host together with user ACR information; the user information indicates under which of the N user ACRs the user has the right to access the generated OTP. The host invokes the OTP application in FSE 1102 by supplying the application ID, thereby also selecting the corresponding communication pipe, and forwards the user ACR information to the SSM system (arrow 1140). The encrypted seed and user ACR information are then forwarded through the communication pipe to the selected application (arrow 1142). The invoked application sends the SSM system a request to decrypt the seed with the IDO's private key (arrow 1144). The SSM system decrypts the seed and notifies the application that decryption is complete (arrow 1146). The invoked application then requests that a secure data object be created and the seed stored in it, and also requests that the SDO be associated with the ID of the OTP application used to generate one-time passwords (which may be the same application making the request) (arrow 1148). The SSM system creates SDO 1114, stores the seed inside it, associates it with the ID of the OTP application and, on completion, notifies the application (arrow 1150). The application then requests the SSM system to have internal ACR 1103 delegate access rights to SDO 1114 to the appropriate user ACR, based on the user information supplied by the host (arrow 1152). After the delegation is complete, the SSM system notifies the application (arrow 1154). The application then sends the name (slot ID) of the SDO to the SSM system through the communication pipe by means of the callback function (arrow 1156), and the SSM system forwards it to the host (arrow 1158). The host then associates the SDO name with the user ACR so that the user can access the SDO.
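The seed provisioning exchange of Figure 43 with real cryptography, as an added example in Go that is not part of the patent. The card's IDO is an RSA key pair with a certificate chain issued by a constructed issuer CA; the seed request is signed with the IDO private key (RSA-PSS); the authentication server verifies the chain to its trusted root and the signature before generating a seed, and returns the seed encrypted to the IDO public key taken from the verified leaf (RSA-OAEP); the card decrypts it into an SDO slot and records the user ACR delegated access to it. The issuer CA, the type and method names, the PSS/OAEP choices, the 20-byte seed and the slot naming are assumptions (the patent names no algorithms), and the SSM/FSE message hops of arrows 1128 to 1158 are collapsed into direct method calls.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for pub with signer; a nil parent means self-signed.
func issue(serial int64, cn string, ku x509.KeyUsage, pub any, parent *x509.Certificate, signer crypto.Signer) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, KeyUsage: ku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// Card models the memory device: the IDO is an RSA key pair plus its certificate
// chain (leaf first); Seeds holds SDO contents by slot ID, Access the user ACR
// delegated access to each slot (assumed structure).
type Card struct {
	ido    *rsa.PrivateKey
	Chain  []*x509.Certificate
	Seeds  map[string][]byte
	Access map[string]string
}

// SignSeedRequest: the SSM signs the host's seed request with the IDO private
// key for the invoked FSE and returns it with the IDO certificate chain.
func (c *Card) SignSeedRequest(req []byte) ([]byte, []*x509.Certificate, error) {
	h := sha256.Sum256(req)
	sig, err := rsa.SignPSS(rand.Reader, c.ido, crypto.SHA256, h[:], nil)
	return sig, c.Chain, err
}

// ProvisionSeed decrypts the seed with the IDO private key, creates the SDO,
// delegates access to the user ACR named by the host and returns the slot ID.
func (c *Card) ProvisionSeed(userACR string, encSeed []byte) (string, error) {
	seed, err := rsa.DecryptOAEP(sha256.New(), nil, c.ido, encSeed, nil)
	if err != nil {
		return "", err
	}
	slot := fmt.Sprintf("sdo-%d", len(c.Seeds)+1)
	c.Seeds[slot], c.Access[slot] = seed, userACR
	return slot, nil
}

// AuthServer trusts the card issuer's CA and keeps each user's seed.
type AuthServer struct {
	Roots *x509.CertPool
	Seeds map[string][]byte
}

// IssueSeed releases a seed only to a card whose IDO chain verifies to a trusted
// root and whose signature over the request checks; the seed is encrypted to the
// IDO public key taken from the verified leaf, so it never travels in clear.
func (s *AuthServer) IssueSeed(user string, req, sig []byte, chain []*x509.Certificate) ([]byte, error) {
	if len(chain) == 0 {
		return nil, fmt.Errorf("empty certificate chain")
	}
	inter := x509.NewCertPool()
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: s.Roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := chain[0].Verify(opts); err != nil {
		return nil, fmt.Errorf("untrusted card: %w", err)
	}
	pub, ok := chain[0].PublicKey.(*rsa.PublicKey)
	h := sha256.Sum256(req)
	if !ok || rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) != nil {
		return nil, fmt.Errorf("seed request signature does not verify")
	}
	seed := make([]byte, 20)
	rand.Read(seed) // crypto/rand.Read cannot fail on current Go
	s.Seeds[user] = seed
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, seed, nil)
}

// NewSystem builds a constructed issuer CA, a card whose IDO certificate that CA
// signed, and an authentication server that trusts only that CA.
func NewSystem() (*Card, *AuthServer) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caCert := issue(1, "Example Card Issuer CA", x509.KeyUsageCertSign, &caKey.PublicKey, nil, caKey)
	idoKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	idoCert := issue(2, "card-0001 IDO", x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment, &idoKey.PublicKey, caCert, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	card := &Card{ido: idoKey, Chain: []*x509.Certificate{idoCert, caCert}, Seeds: map[string][]byte{}, Access: map[string]string{}}
	return card, &AuthServer{Roots: roots, Seeds: map[string][]byte{}}
}
```

Two points worth noting. A signature over a different request, or a chain from a CA the server does not trust, is refused before any seed is generated, so the seed is only ever encrypted to a key the server has just seen attested. And the protocol uses one IDO key pair both to sign the request and to receive the encrypted seed, which is why the example pairs distinct padding schemes (PSS for signing, OAEP for encryption); a production design would rather issue separate signing and encryption keys to the IDO.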
The OTP generation process will now be described with reference to the protocol diagram of Figure 44. To obtain a one-time password, the user logs in to the user ACR to which it has access rights (arrow 1172). Assuming authentication succeeds, the SSM system notifies the host, and the host sends a "get SDO" command to the SSM (arrows 1174, 1176). As noted above, the SDO storing the seed is associated with the application used to generate the OTP. Therefore, instead of the application being selected by the host as before, the association between the SDO and the OTP generation application causes the OTP generation application to be invoked when the SDO is accessed by the command of arrow 1176 through the communication pipe (arrow 1178). The OTP generation application then requests the SSM system to read the content (that is, the seed) from the SDO (arrow 1180). Preferably, the SSM has no knowledge of the information contained in the SDO and simply processes the data in the SDO as directed by the FSE; if the seed is encrypted, this may involve decrypting the seed before the read, as ordered by the FSE. The SSM system reads the seed from the SDO and provides it to the OTP generation application (arrow 1182). The OTP generation application then generates the OTP and provides it to the SSM system (arrow 1184). The OTP is then forwarded by the SSM to the host (arrow 1186), which in turn forwards it to authentication server 1052 to complete the dual-factor authentication process.
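The generation phase of Figure 44 together with the server-side check, as an added Go example that is not the patent's code. It assumes HOTP (RFC 4226: HMAC-SHA1 over a counter, six digits) as the password generation algorithm, which the patent does not name, and uses the RFC's test seed as constructed input; the Card, SeedSDO and AuthServer names are assumptions. The card checks the logged-in ACR's right to the SDO and hands out only the password, never the seed; the server keeps a look-ahead window for passwords generated but never submitted, and refuses a replayed password because its counter only moves forward.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// hotp is the 6-digit HMAC-SHA1 counter OTP of RFC 4226, assumed here as the
// card's password generation algorithm (the page does not name one).
func hotp(seed []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	m := hmac.New(sha1.New, seed)
	m.Write(msg[:])
	h := m.Sum(nil)
	off := h[len(h)-1] & 0x0f
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(h[off:off+4])&0x7fffffff)%1000000)
}

// SeedSDO is an SDO holding a seed and linked to the OTP application; UserACR is
// the ACR that was delegated Get access during provisioning.
type SeedSDO struct {
	UserACR string
	Seed    []byte
	Counter uint64 // moving factor, kept inside the card
}

// Card models the device side: each virtual token is one SDO slot.
type Card struct{ SDOs map[string]*SeedSDO }

// GetOTP is the host's "get SDO": the SSA checks the logged-in ACR's right to the
// SDO, the association invokes the OTP application over the seed, and only the
// password (never the seed) leaves the card.
func (c *Card) GetOTP(loggedInACR, slot string) (string, error) {
	o := c.SDOs[slot]
	if o == nil || o.UserACR != loggedInACR {
		return "", errors.New("ACR has no access to this SDO")
	}
	otp := hotp(o.Seed, o.Counter)
	o.Counter++
	return otp, nil
}

// AuthServer checks OTPs against its copy of the seed, tolerating a small window
// of passwords generated but never submitted; a replay is refused because the
// counter only moves forward.
type AuthServer struct {
	Seeds    map[string][]byte
	Counters map[string]uint64
	Window   uint64
}

func (s *AuthServer) Verify(user, otp string) bool {
	seed, ok := s.Seeds[user]
	if !ok {
		return false
	}
	for i := uint64(0); i <= s.Window; i++ {
		c := s.Counters[user] + i
		if hmac.Equal([]byte(hotp(seed, c)), []byte(otp)) {
			s.Counters[user] = c + 1
			return true
		}
	}
	return false
}

func main() {
	seed := []byte("12345678901234567890") // constructed seed (the RFC 4226 test vector)
	card := &Card{SDOs: map[string]*SeedSDO{"sdo-1": {UserACR: "user-ACR-1", Seed: seed}}}
	server := &AuthServer{Seeds: map[string][]byte{"alice": seed}, Counters: map[string]uint64{}, Window: 3}
	otp, _ := card.GetOTP("user-ACR-1", "sdo-1")
	fmt.Println(otp, "accepted:", server.Verify("alice", otp), "replayed:", server.Verify("alice", otp))
}
```

With the RFC 4226 seed the first password is 755224 and the fourth is 969429; the window lets the fourth be accepted even if the second and third were generated on the card and discarded, which is the usual way a token and server tolerate drift without sharing any state beyond the seed.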
Callback function
A general callback function is established between SSM core 1004 and SAMM 1008 of Figure 40A. Different device-internal applications and communication pipes can be registered with this function. Thus, when a device-internal application is invoked, after processing it can use this callback function to pass data to the SSM system through the same communication pipe that was used to pass the host command to the application.
DRM system embodiment
Figure 45 is a functional block diagram illustrating a DRM system that uses communication pipe 1104', a CEK 1114' having a link 1108' to FSE application 1102', and control structures 1101', 1103' and 1106' used to control the functions implementing DRM. As will be noted, the structure of Figure 45 is quite similar to that of Figure 42, except that the secure data structures now include license server ACR 1106' and playback ACR 1110' in place of the authentication server ACR and user ACR, and CEK 1114' in place of the SDO. Furthermore, no IDO is involved, and it is therefore omitted from Figure 45. CEK 1114' can be created during the license provisioning process. The protocol diagram of Figure 46 illustrates the process of license provisioning and content download where the key is provided in the license object. As in the OTP embodiment, a user wishing to obtain a license first needs to gain access rights to one of the N ACRs 1106' and to one of the N ACRs 1110', so that the content can be rendered by a media player such as a media player software application.
As shown in Figure 46, the host authenticates to license server ACR 1106' (arrow 1202). Assuming authentication succeeds (arrow 1204), the license server provides the host with a license file together with a CEK (key ID and key value). The host also selects the application to be invoked by supplying the application ID to the SSM system on the card, and sends player information (for example, information about the media player software application) (arrow 1206). The player information indicates under which of the N playback ACRs 1110' the player has access rights. The SSM system forwards the license file and CEK to the DRM application through the communication pipe corresponding to the selected application (arrow 1208). The invoked application then requests the SSM system to write the license file to a hidden partition (arrow 1210). When the license file has been so written, the SSM system notifies the application (arrow 1212). The DRM application then requests that CEK object 1114' be created and the key value from the license file stored in it, and also requests that the CEK object be associated with the ID of the DRM application that checks the license for the key provided (arrow 1214). The SSM system completes these tasks and notifies the application accordingly (arrow 1216). The application then requests that read access rights to CEK 1114' be delegated, based on the player information sent by the host, to the playback ACR through which the player will access the content for playback (arrow 1218). The SSM system performs the delegation and notifies the application accordingly (arrow 1220). The application sends a message that storage of the license is complete to the SSM system through the communication pipe, and the SSM system forwards it to the license server (arrows 1222 and 1224); the callback function is used for this message through the communication pipe. After receiving this notice, the license server provides the card with the content file encrypted with the key value in the CEK it provided. The encrypted content is stored by the host in the public card area. Storage of the encrypted content file involves no security function, so the SSM system takes no part in it.
Playback operation is illustrated in Figure 47. The user authenticates through the host to the appropriate playback ACR (that is, the playback ACR to which read rights were delegated at arrows 1218 and 1220 above) (arrow 1242). Assuming authentication succeeds (arrow 1244), the user then sends a request to read the content associated with the key ID (arrow 1246). On receiving the request, the SSM system finds the DRM application ID associated with the CEK object being accessed and therefore causes the identified DRM application to be invoked (arrow 1248). The DRM application requests the SSM system to read the data (that is, the license) associated with the key ID (arrow 1250). The SSM has no knowledge of the information in the data it is asked to read; it simply handles the request from the FSE by performing the data read. The SSM system reads the data (that is, the license) from the hidden partition and provides it to the DRM application (arrow 1252). The DRM application then interprets the data and checks the license information in it to determine whether the license is valid. If the license is still valid, the DRM application notifies the SSM system that content decryption is approved (arrow 1254). The SSM system then decrypts the requested content using the key value in the CEK object and supplies the decrypted content to the host for playback (arrow 1256). If the license is no longer valid, the request for access to the content is refused.
Where the license file from the license server does not carry a key, license provisioning and content download differ slightly from those explained in Figure 46. This variant is explained in the protocol diagram of Figure 48; steps common to Figures 46 and 48 are identified by the same numerals. Thus the host and the SSM system first perform authentication (arrows 1202, 1204). The license server provides the host with a license file and a key ID (but no key value), and the host forwards these to the SSM system together with the application ID of the DRM application it wishes to invoke. The host also sends player information (arrow 1206'). The SSM system then forwards the license file and key ID to the selected DRM application through the communication pipe corresponding to that application (arrow 1208). The DRM application requests that the license file be written to the hidden partition (arrow 1210). When the license file has been written, the SSM system notifies the DRM application (arrow 1212). The DRM application then requests that the SSM system generate a key value, create the CEK object, store the key value in it, and associate the CEK object with the ID of the DRM application (arrow 1214'). After complying with the request, the SSM system sends a notice to the DRM application (arrow 1216). The DRM application then requests that the SSM system grant read access to the CEK object to the playback ACR indicated by the player information from the host (arrow 1218). When this is done, the SSM system notifies the DRM application accordingly (arrow 1220). The DRM application then notifies the SSM system that the license has been stored, the notice being sent by a callback function through the communication pipe (arrow 1222). The SSM system forwards this notice to the license server (arrow 1224). The license server then sends the content file associated with the key ID to the SSM system (arrow 1226). The SSM system encrypts the content file with the key value identified by the key ID, without involving any application. Content so encrypted and stored on the card can be played back using the protocol of Figure 47.
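The two provisioning paths (Figures 46 and 48) and the playback path (Figure 47) differ only in who supplies the key value and who performs the encryption; the playback check is identical. The following is an added example, not the patent's or SanDisk's code: a toy model in which the SSM holds the hidden partition and the CEK objects, the DRM application (the FSE) is the only party that interprets the license, and the host receives decrypted content but never the key value. The class and method names, the license format `key_id|expiry` and the hash-based stand-in cipher are assumptions made for the example.

```python
"""Toy model of license supply (Figures 46 and 48) and playback (Figure 47).
Constructed example, not SanDisk's code: the SSM stores licenses in a hidden
partition, keeps CEK objects bound to a DRM application ID, and decrypts only
after that application approves the license. Names and formats are assumed."""
import hashlib
import os


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter-mode keystream); a real card uses a block cipher."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


class DRMApp:
    """Device-internal application (FSE); the only party that interprets the license."""
    def __init__(self, app_id: str):
        self.app_id = app_id

    def license_is_valid(self, license_blob: bytes, now: int) -> bool:
        # Constructed license format b"key_id|expiry_epoch"; the SSM treats it as opaque.
        _, expiry = license_blob.split(b"|")
        return now < int(expiry)


class SSM:
    def __init__(self, apps):
        self.apps = {a.app_id: a for a in apps}
        self.hidden_partition = {}   # key_id -> license bytes (arrow 1210)
        self.ceks = {}               # key_id -> {"key": bytes, "app_id": str} (arrow 1214)
        self.acr_read_rights = {}    # playback ACR -> set of key_ids (arrow 1218)
        self.public_area = {}        # key_id -> encrypted content, written by the host

    def provision(self, app_id, key_id, license_blob, playback_acr, key_value=None):
        """Figure 46 when key_value comes from the license server; Figure 48 when None."""
        if app_id not in self.apps:
            raise KeyError("no such device-internal application")   # arrow 1208 routing
        self.hidden_partition[key_id] = license_blob                  # arrows 1210/1212
        if key_value is None:
            key_value = os.urandom(32)                                # arrow 1214': SSM generates it
        self.ceks[key_id] = {"key": key_value, "app_id": app_id}      # arrows 1214/1214'
        self.acr_read_rights.setdefault(playback_acr, set()).add(key_id)  # arrows 1218/1220
        # arrows 1222/1224: "license stored" notice to the license server is not modelled

    def store_encrypted(self, key_id, ciphertext):
        """Figure 46: content arrives already encrypted; storing it needs no security function."""
        self.public_area[key_id] = ciphertext

    def encrypt_and_store(self, key_id, plaintext):
        """Figure 48, arrow 1226: the SSM encrypts with the key named by key_id, no app involved."""
        self.public_area[key_id] = xor_keystream(self.ceks[key_id]["key"], plaintext)

    def read_content(self, playback_acr, key_id, now):
        """Figure 47 playback, arrows 1246-1256."""
        if key_id not in self.acr_read_rights.get(playback_acr, set()):
            raise PermissionError("ACR holds no read right on this CEK")
        cek = self.ceks[key_id]
        app = self.apps[cek["app_id"]]                        # arrow 1248: invoke the bound app
        license_blob = self.hidden_partition[key_id]          # arrows 1250/1252: opaque read
        if not app.license_is_valid(license_blob, now):       # arrow 1254: approve or refuse
            raise PermissionError("license no longer valid")
        return xor_keystream(cek["key"], self.public_area[key_id])   # arrow 1256


def demo():
    """Figure 46 path with a server-supplied key, then Figure 48 with a card-generated key."""
    ssm = SSM([DRMApp("drm-app-1")])
    content = b"media payload (constructed sample)"
    server_key = os.urandom(32)                               # Figure 46: server holds the key
    ssm.provision("drm-app-1", "key-46", b"key-46|2000", "playback-acr-A", key_value=server_key)
    ssm.store_encrypted("key-46", xor_keystream(server_key, content))
    ssm.provision("drm-app-1", "key-48", b"key-48|2000", "playback-acr-B")   # Figure 48: no key
    ssm.encrypt_and_store("key-48", content)
    results = {
        "fig46_play": ssm.read_content("playback-acr-A", "key-46", now=1000) == content,
        "fig48_play": ssm.read_content("playback-acr-B", "key-48", now=1000) == content,
    }
    for acr, key_id, now in [("playback-acr-A", "key-46", 3000),   # license expired
                             ("playback-acr-A", "key-48", 1000)]:  # ACR lacks the right
        try:
            ssm.read_content(acr, key_id, now)
            results[f"{key_id}@{acr}@{now}"] = "allowed"
        except PermissionError:
            results[f"{key_id}@{acr}@{now}"] = "refused"
    return results
```

Note that `read_content` returns plaintext to the host, while the key value stays inside `SSM.ceks`; that separation is the property the text describes, and the toy cipher is only there so the example runs offline.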
In the OTP and DRM embodiments above, FSE 1102 and 1102' may contain many different OTP and DRM applications for the host device to choose from, and the user may select and invoke the desired device-internal application. Yet the SSM module, and its overall relationship with the FSE, remain the same, so that users and data providers can interact with the SSM module and invoke the FSE using a fixed set of protocols. Users and providers need not concern themselves with the particulars of the many different device-internal applications, some of which may be proprietary.
In addition, the provisioning protocols may differ slightly, as is the case between Figures 46 and 48: the license object contains a key value in Figure 46 but not in Figure 48, and this difference requires the slightly different protocols explained above. Playback in Figure 47, however, is the same however the license was provisioned. The difference therefore concerns only content providers and distributors, and not usually consumers, who are normally involved only in the playback phase. This structure thus gives content providers and distributors great flexibility to customize protocols while remaining easy for consumers to use. Information derived from data provisioned through more than two sets of provisioning protocols may likewise still be accessed through a second protocol.
Another advantage of the above embodiments is that, although an external entity such as a user may share with the device-internal application the use of data controlled by the security data structure, the user can access only the results the device-internal application derives from the stored data. Thus, in the OTP embodiment, the user can obtain the OTP through the host device but not the seed. In the DRM embodiment, the user can obtain the rendered content through the host device but gains no access to the license file or the cryptographic key. This feature is convenient for the consumer without compromising security.
In one DRM embodiment, neither the device-internal application nor the host has access to the cryptographic key; only the security data structure has such access. In other embodiments, entities other than the security data structure may also use the cryptographic key. The key may also be generated by the device-internal application and then placed under the control of the security data structure.
Access to the device-internal application and access to the information (for example, the OTP and the rendered content) are controlled by the same security data structure. This reduces the complexity and cost of the control system.
These features and functions are made possible by allowing the ACR that controls the host's access to information obtained by invoking the device-internal application to be granted access rights to the internal ACR that controls access to the device-internal application itself.
Application-specific revocation scheme
Invoking a device-internal application may also modify the access control protocols of the security data structure. For instance, the certificate revocation protocol may be either a standard protocol using a CRL or a proprietary protocol. Thus, by invoking the FSE, the standard CRL revocation protocol can be replaced by an FSE proprietary protocol.
In addition to supporting the CRL revocation scheme, the SSA also allows a proprietary internal application in the device to revoke the host, through a private communication channel between the device-internal application and the CA or any other revoking authority. The internal-application proprietary revocation scheme is restricted in scope to the host-application relationship.
When an application is configured with an application-specific revocation scheme, a CRL (if one is presented) is rejected by the SSA system; instead, the certificate and the application-specific data (previously provided through the application-specific communication pipe) are used to determine whether a given authentication is revoked.
As stated, an ACR specifies, through a designated revocation value, which of three revocation schemes is used: no revocation scheme, the standard CRL scheme, or the application-specific revocation scheme. When the application-specific option is selected, the ACR also specifies the ID of the internal application responsible for the revocation scheme, and the value in the CET/APP_ID field corresponds to that internal application ID. When authenticating the device, the SSA system then follows the internal application's proprietary scheme.
Instead of replacing one protocol suite with another, invoking the device-internal application can impose additional access conditions on top of the access control the SSA already applies. For instance, the right to access the key value in a CEK can be further examined by the FSE: after the SSA system confirms that the ACR has access rights to the key value, it consults the FSE before granting access. This feature gives content owners great flexibility in controlling access to content.
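The three revocation options an ACR can designate, and the additional FSE-imposed access condition, are easy to misread as one mechanism; the following added example (not code from the patent or from SanDisk) keeps them separate. The ACR's revocation value selects the scheme; with the application-specific scheme a presented CRL is disregarded and the internal application named in CET/APP_ID decides; the key-access check then runs the SSA's own right check first and, where an FSE guards the key, consults it afterwards. The `ACR`, `Certificate` and `InternalApp` shapes, the scheme constants and the use of a serial-number set as revocation data are assumptions for the example.

```python
"""Revocation scheme selection by ACR, plus an FSE extra access condition on a CEK.
Constructed example, not SanDisk's code; CET/APP_ID, CRL and the three scheme
names follow the description, the data shapes are assumed."""
from dataclasses import dataclass, field

NO_REVOCATION, CRL_SCHEME, APP_SPECIFIC = "none", "crl", "app-specific"


@dataclass(frozen=True)
class Certificate:
    subject: str
    serial: int


@dataclass
class ACR:
    name: str
    revocation_scheme: str
    cet_app_id: str = None                          # CET/APP_ID: app responsible for the scheme
    key_rights: set = field(default_factory=set)    # CEK key IDs this ACR may access


class InternalApp:
    """Hypothetical device-internal application (FSE) holding its own revocation data."""
    def __init__(self, app_id: str):
        self.app_id = app_id
        self.revoked = set()        # serials delivered over the app-specific communication pipe
        self.key_conditions = {}    # key_id -> predicate(cert): extra condition on key access

    def is_revoked(self, cert: Certificate) -> bool:
        return cert.serial in self.revoked

    def permits_key(self, key_id: str, cert: Certificate) -> bool:
        return self.key_conditions.get(key_id, lambda c: True)(cert)


def is_revoked(acr: ACR, cert: Certificate, crl, apps) -> bool:
    """Apply the revocation scheme the ACR's revocation value designates."""
    if acr.revocation_scheme == NO_REVOCATION:
        return False
    if acr.revocation_scheme == CRL_SCHEME:
        return cert.serial in (crl or set())
    if acr.revocation_scheme == APP_SPECIFIC:
        # A CRL, even if presented, is not consulted; the app in CET/APP_ID decides.
        return apps[acr.cet_app_id].is_revoked(cert)
    raise ValueError(f"unknown revocation scheme {acr.revocation_scheme!r}")


def authorize_key_access(acr, cert, key_id, crl, apps, key_fse: InternalApp = None) -> str:
    """SSA checks revocation and the ACR's right; then the FSE guarding the key, if any."""
    if is_revoked(acr, cert, crl, apps):
        return "refused: revoked"
    if key_id not in acr.key_rights:
        return "refused: no right"
    if key_fse is not None and not key_fse.permits_key(key_id, cert):
        return "refused: FSE condition"
    return "granted"


def demo():
    host = Certificate("host-001", serial=42)
    crl = {42}                                         # constructed CRL that lists the host
    fse = InternalApp("fse-1")
    fse.key_conditions["key-1"] = lambda c: c.subject.startswith("host-")
    fse.key_conditions["key-2"] = lambda c: False      # FSE withholds key-2 from everyone
    apps = {"fse-1": fse}
    acrs = {
        "none": ACR("acr-none", NO_REVOCATION, key_rights={"key-1"}),
        "crl": ACR("acr-crl", CRL_SCHEME, key_rights={"key-1"}),
        "app": ACR("acr-app", APP_SPECIFIC, "fse-1", {"key-1", "key-2"}),
    }
    out = {n: authorize_key_access(a, host, "key-1", crl, apps) for n, a in acrs.items()}
    out["app-key2"] = authorize_key_access(acrs["app"], host, "key-2", crl, apps, key_fse=fse)
    fse.revoked.add(42)                                # revocation arrives over the private channel
    out["app-after-revoke"] = authorize_key_access(acrs["app"], host, "key-1", crl, apps, key_fse=fse)
    return out
```

The same certificate is accepted under the no-revocation ACR, refused under the CRL ACR, and accepted under the application-specific ACR until the internal application itself records the revocation; the CRL never influences the application-specific path, which is the behaviour the text assigns to that scheme.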
Although the invention has been described above with reference to various embodiments, it will be understood that changes and modifications may be made without departing from the scope of the invention, which is to be defined only by the appended claims and their equivalents.

Claims (20)

1. A method of authenticating an entity by a storage device, the method comprising:
performing the following steps by a storage device in communication with the entity:
receiving a plurality of certificates from the entity for authenticating the entity to the storage device, the plurality of certificates being received from the entity in a sequence;
verifying the plurality of certificates in the sequence in which they were received, wherein a first of the plurality of certificates is checked against a root certificate;
detecting whether a last of the plurality of certificates is verified; and
if the last of the plurality of certificates is verified, using the last of the plurality of certificates to authenticate the entity to the storage device.
2. The method of claim 1, wherein the last of the plurality of certificates is received in a message containing an indication that it is the last certificate, and wherein the detecting is performed by checking the indication.
3. The method of claim 1, wherein the entity and the storage device are removably interconnected.
4. The method of claim 1, further comprising, after receiving each certificate other than the last, sending to the entity a request for the certificate that follows that certificate in the plurality of certificates.
5. The method of claim 4, further comprising receiving the next certificate from the entity in response to each request.
6. The method of claim 1, wherein the entity comprises a host device removably connected to the storage device.
7. The method of claim 1, wherein the storage device comprises a memory card.
8. The method of claim 1, further comprising storing the plurality of certificates in the storage device one at a time, beginning with the first, by overwriting the previously stored certificate.
9. The method of claim 8, further comprising allocating in the storage device only the storage space required to store the largest of the plurality of certificates.
10. The method of claim 1, wherein the entity is a host device in communication with the storage device.
11. The method of claim 1, wherein, beginning with the second certificate, each certificate is checked against the immediately preceding received certificate.
12. A storage device comprising:
a memory storing a root certificate; and
a controller in communication with the memory and operable to:
receive a plurality of certificates from an entity for authenticating the entity to the storage device, the plurality of certificates being received from the entity in a sequence;
verify the plurality of certificates in the sequence in which they were received, wherein a first of the plurality of certificates is checked against the root certificate stored in the memory;
detect whether a last of the plurality of certificates is verified; and
if the last of the plurality of certificates is verified, use the last of the plurality of certificates to authenticate the entity to the storage device.
13. The storage device of claim 12, wherein the last of the plurality of certificates is received in a message containing an indication that it is the last certificate, and wherein the controller is operable to detect whether the last of the plurality of certificates is verified by checking the indication.
14. The storage device of claim 12, wherein the entity and the storage device are removably interconnected.
15. The storage device of claim 12, wherein the controller is further operable, after receiving each certificate other than the last, to send to the entity a request for the certificate that follows that certificate in the plurality of certificates.
16. The storage device of claim 15, wherein the controller is further operable to receive the next certificate from the entity in response to each request.
17. The storage device of claim 12, wherein the entity comprises a host device, and wherein the host device is removably connected to the storage device.
18. The storage device of claim 17, wherein the storage device comprises a memory card.
19. The storage device of claim 12, wherein the controller is further operable to store the plurality of certificates in the memory one at a time, beginning with the first, by overwriting the previously stored certificate.
20. The storage device of claim 19, wherein only the storage space required to store the largest of the plurality of certificates is allocated in the storage device.
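The claims describe a chain verifier that never holds more than one certificate: each certificate is checked against the key established by its predecessor (the root for the first), then overwritten by the next, and the entity is authenticated with the last, recognised by an indication in its message. The following is an added example written to illustrate that procedure; it is not the patent's or SanDisk's code. The wire format, the `Host` and `StorageDevice` names, the 128-byte bound and the hash-based signature stand-in (used so the example runs offline; a real card verifies asymmetric signatures) are assumptions.

```python
"""Bounded-memory certificate chain verification as described in the claims.
Constructed example, not SanDisk's code. One buffer sized for the largest
certificate is reused for every certificate in the chain (claims 8-9); the
first is checked against the root (claim 1), each later one against its
predecessor (claim 11), and the last, flagged in its message (claim 2),
authenticates the entity. The signature scheme is a hash-based stand-in."""
import hashlib
import os
from dataclasses import dataclass

MAX_CERT_SIZE = 128         # assumed bound: space for exactly one certificate
KEY_LEN = SIG_LEN = 32


@dataclass(frozen=True)
class Cert:
    subject: str
    pubkey: bytes
    signature: bytes
    is_last: bool           # indication of the last certificate, carried in the message


def toy_sign(issuer_key: bytes, tbs: bytes) -> bytes:
    """Stand-in for an asymmetric signature over the to-be-signed bytes."""
    return hashlib.sha256(b"toy-sig|" + issuer_key + b"|" + tbs).digest()


def encode(cert: Cert) -> bytes:
    # Wire layout (assumed): flag(1) | subject_len(1) | subject | pubkey(32) | signature(32)
    sub = cert.subject.encode()
    return bytes([int(cert.is_last), len(sub)]) + sub + cert.pubkey + cert.signature


def decode(wire: bytes) -> Cert:
    n = wire[1]
    sub = wire[2:2 + n].decode()
    pub = bytes(wire[2 + n:2 + n + KEY_LEN])
    sig = bytes(wire[2 + n + KEY_LEN:2 + n + KEY_LEN + SIG_LEN])
    return Cert(sub, pub, sig, bool(wire[0]))


def build_chain(root_key: bytes, subjects):
    """Issue root -> subjects[0] -> ... -> subjects[-1]; the final subject is the entity."""
    wire, issuer_key = [], root_key
    for i, name in enumerate(subjects):
        pub = os.urandom(KEY_LEN)
        cert = Cert(name, pub, toy_sign(issuer_key, name.encode() + pub), i == len(subjects) - 1)
        wire.append(encode(cert))
        issuer_key = pub
    return wire


class Host:
    """Entity being authenticated; answers each request for the next certificate (claims 4-5)."""
    def __init__(self, chain):
        self._chain, self._pos = list(chain), 0

    def next_certificate(self) -> bytes:
        cert, self._pos = self._chain[self._pos], self._pos + 1
        return cert


class StorageDevice:
    def __init__(self, root_key: bytes):
        self.root_key = root_key
        self.buffer = bytearray(MAX_CERT_SIZE)    # single slot, overwritten per certificate
        self.certs_seen = 0

    def authenticate(self, host: Host) -> str:
        trusted_key = self.root_key                # first certificate is checked against the root
        while True:
            wire = host.next_certificate()         # request and receive the next certificate
            if len(wire) > MAX_CERT_SIZE:
                raise ValueError("certificate exceeds the allocated space")
            self.buffer[:len(wire)] = wire         # overwrite the previously stored certificate
            self.certs_seen += 1
            cert = decode(bytes(self.buffer[:len(wire)]))
            if cert.signature != toy_sign(trusted_key, cert.subject.encode() + cert.pubkey):
                raise ValueError(f"verification failed at {cert.subject}")
            if cert.is_last:                       # last certificate verified: entity authenticated
                return cert.subject
            trusted_key = cert.pubkey              # the next certificate is checked against this one


def demo():
    """Authenticate a three-certificate chain, then show a tampered chain is rejected early."""
    root = os.urandom(KEY_LEN)
    chain = build_chain(root, ["IssuingCA", "HostVendor", "host-001"])
    dev = StorageDevice(root)
    who = dev.authenticate(Host(chain))
    bad = list(chain)
    bad[1] = bad[1][:-1] + bytes([bad[1][-1] ^ 1])   # flip one bit in the middle signature
    try:
        StorageDevice(root).authenticate(Host(bad))
        rejected = False
    except ValueError:
        rejected = True
    return who, dev.certs_seen, rejected
```

Because the buffer is reused, the device's memory for certificates is fixed by `MAX_CERT_SIZE` regardless of chain length, and a bad intermediate certificate stops the walk before the entity's certificate is ever read into the buffer.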
CN2007800258488A 2006-07-07 2007-06-28 Content control system and method using certificate chains Active CN101490689B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US81950706P 2006-07-07 2006-07-07
US60/819,507 2006-07-07
US11/557,010 US20080010449A1 (en) 2006-07-07 2006-11-06 Content Control System Using Certificate Chains
US11/557,010 2006-11-06
US11/557,028 US8140843B2 (en) 2006-07-07 2006-11-06 Content control method using certificate chains
US11/557,028 2006-11-06
PCT/US2007/015304 WO2008013656A2 (en) 2006-07-07 2007-06-28 Content control system and method using certificate chains

Publications (2)

Publication Number Publication Date
CN101490689A CN101490689A (en) 2009-07-22
CN101490689B true CN101490689B (en) 2012-05-16

Family

ID=40880969

Family Applications (5)

Application Number Title Priority Date Filing Date
CNA2007800257362A Pending CN101484904A (en) 2006-07-07 2007-06-28 Content control system and method using versatile control structure
CN2007800258488A Active CN101490689B (en) 2006-07-07 2007-06-28 Content control system and method using certificate chains
CN2007800257659A Active CN101490687B (en) 2006-07-07 2007-06-28 Control system and method using identity objects
CNA2007800257856A Pending CN101490688A (en) 2006-07-07 2007-06-28 Content control system and method using certificate revocation lists
CN2007800252871A Active CN101484903B (en) 2006-07-07 2007-06-28 System and method for controlling information supplied from memory device



Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right (owner name: SANDISK TECHNOLOGIES, INC.; former owner: SANDISK CORPORATION; effective date: 20121218)
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right (effective date of registration: 20121218; address after: Texas, USA; patentee after: Sandisk Corp.; address before: California, USA; patentee before: Sandisk Corp.)
C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder (address after: Texas, USA; patentee after: DELPHI INT OPERATIONS LUX SRL; address before: Texas, USA; patentee before: Sandisk Corp.)